Authentication Methods

Authentication Methods

Authentication Methods are different ways for a client to obtain an Access Token when authenticating a user. This page will explain all the available authentication methods and how they are intended to be used in details.


The redirect authentication method is a simple authentication flow designed for websites/web applications where polling the authentication request wouldn't be efficient. Instead this method doesn't require you to request authentication, all you need is a authentication permalink and the Authentication Prompt will handle the rest.
Just create a link with this URL format, add your own Application ID to the application_id parameter and the location where you handle COA authentication to redirect, for example should attempt to verify the access_token parameter if the user is not authenticated, once you verify the access token you can retrieve information about the user. The authentication prompt will only redirect the user to the provided authentication URL if the user has authenticated.

Application Placeholder

Application Placeholder is an ideal authentication method for clients/applications where the client is constantly checking the status of the Request Authentication Token. Your client first requests authentication, in the response the sever should return a Request Token and the authentication URL that the user must visit in their web browser in order to authenticate.
During this time the client will constantly check the Request Token's status with the Process Authentication method and wait till the user authenticates using the URL that the server provided. As soon as the user authenticates the Process Authentication method will return an Access Token allowing the client to retrieve information about the user.


This authentication method is a more limited version of Application Placeholder, this method works the same way as Application Placeholder where the client must request authentication in order to obtain a Request Token and the URL where the user must open to authenticate.

However, in cases where the client cannot constantly check the authentication status with Process Authentication then the client can have a way for the user to input the Access Token into the client's interface. Once the user authenticates they will be shown a Access Token with instructions prompting the user to copy and paste this Access Token to the client.