Authentication Methods
Authentication Methods
Authentication Methods are different ways for a client to obtain an Access Token when authenticating a user. This page will explain all the available authentication methods and how they are intended to be used in details.Redirect
The redirect authentication method is a simple authentication flow designed for websites/web applications where polling the authentication request wouldn't be efficient. Instead this method doesn't require you to request authentication, all you need is a authentication permalink and the Authentication Prompt will handle the rest.
application_id
parameter and the location where you handle COA authentication
to redirect
, for example https://example.com/auth
should attempt to verify the access_token
parameter if the user is not
authenticated, once you verify the access token you can retrieve information about
the user.
The authentication prompt will only redirect the user to the provided authentication
URL if the user has authenticated.
Application Placeholder
Application Placeholder is an ideal authentication method for clients/applications where the client is constantly checking the status of the Request Authentication Token. Your client first requests authentication, in the response the sever should return a Request Token and the authentication URL that the user must visit in their web browser in order to authenticate.
During this time the client will constantly check the Request Token's status with the
Process Authentication
method and wait till the user authenticates using the URL that the server
provided. As soon as the user authenticates the Process Authentication
method will return an Access Token allowing the client to retrieve information about
the user.
Code
This authentication method is a more limited version of Application Placeholder, this method works the same way as Application Placeholder where the client must request authentication in order to obtain a Request Token and the URL where the user must open to authenticate.
However, in cases where the client cannot constantly check the authentication status
with Process Authentication
then the client can have a way for the user to input the Access Token into the client's interface.
Once the user authenticates they will be shown a Access Token with instructions
prompting the user to copy and paste this Access Token to the client.