OpenID Connect
SIM uses OpenID Connect for authentication between the API and a client. While OpenID Connect supports multiple flows, we only support the authorisation code flow. OpenID Connect is built on top of OAuth 2.0.
End Points
URL | Description |
---|---|
https: | Base authorization URL |
Token URL | |
Revocation URL |
Scopes
Name | Description |
---|---|
identity | allows /users/@me |
organisations | allows /users/@me/organisations |
We currently do not support scopes but plan to sometime in the future.
Authorisation Code Flow
Base Authorisation Example
Make sure the `` is exactly the same as you registered with the application.
Ensure that this page is shown within the application, as it will prompt the user to log in and authorise the application. SIM currently only accepts third-party authentication and will redirect to this third party as part of the flow. The third-party login screen must also be shown within the application.
Redirect Example
The application should validate the and consume the
associating it with the user. The `` must be kept secret by the app as it can allow the application to act on behalf of the user.
To act on behalf of the user, the code must be exchanged for a token using the Token URL with an HTTP POST request.
Token Post Data Example
Parameter | Example |
---|---|
client_id | CLIENT_ID |
client_secret | CLIENT_SECRET |
grant_type | `` |
code | The user's `` |
redirect_uri | REDIRECT_URI |
scope | `` |
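The redirect check and code-for-token POST described above, as an added example (not SIM's own code). The token URL, the `state` check, the `authorization_code` grant type (the standard OAuth 2.0 value) and all sample values are assumptions, since this page does not show them.

```python
import hmac
import urllib.parse
import urllib.request

# Placeholder: the real Token URL is not shown on this page.
TOKEN_URL = "https://sim.example.invalid/token"


def extract_code(redirect_url: str, expected_state: str) -> str:
    """Return the authorisation code from the redirect, or raise ValueError."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    if "error" in query:
        raise ValueError("authorisation failed: " + query["error"][0])
    # Assumption: the standard OAuth 2.0 `state` value ties the redirect to the
    # session that started the flow; compare it in constant time.
    states = query.get("state", [])
    if len(states) != 1 or not hmac.compare_digest(
            states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or duplicated code")
    return codes[0]


def build_token_request(code, client_id, client_secret, redirect_uri,
                        token_url=TOKEN_URL):
    """Build (but do not send) the HTTP POST that exchanges the code."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token URL must be https")  # body carries the secret
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",  # standard OAuth 2.0 value (assumed)
        "code": code,
        "redirect_uri": redirect_uri,  # must match the registered value exactly
    }).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    # Constructed sample redirect; all values are made up.
    redirect = "https://app.example.invalid/cb?code=abc123&state=xyz"
    req = build_token_request(extract_code(redirect, "xyz"), "CLIENT_ID",
                              "CLIENT_SECRET", "https://app.example.invalid/cb")
    print(req.get_method(), req.full_url, req.data.decode())
```

The request is only constructed here; pass it to `urllib.request.urlopen` once the real Token URL is configured.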
Token Response Example