Create a User Authorization Token from Auth0
To begin an authorization flow, your application needs to send the user to the authorization URL. The purpose of this call is to get consent from the user to invoke the API (specified in audience) and perform specific tasks (specified in scope) on behalf of the user. Auth0 authenticates the user and obtains consent, unless consent has been given previously. If you alter the value of scope, Auth0 requires consent again.
For complete information on generating a user authorization token, click here.
Important
This user authorization token is used as a Bearer Token, passed in the request header, when the U-Assist APIs are accessed from external services and the request requires authorization.
This user authorization token is also used when the U-Assist APIs are accessed through any of the API tools.
Getting an Authorization Code
```
https://{yourDomain}/authorize?
    response_type=code&
    client_id={yourClientId}&
    redirect_uri={https://yourApp/callback}&
    scope={scope}&
    state={state}
```
Parameter Name | Description |
---|---|
response_type | Denotes the kind of credential that Auth0 returns (code or token). For this flow, the value must be code. |
client_id | Your application's Client ID. |
redirect_uri | The URL to which Auth0 directs the browser after the user grants authorization. |
scope | Specifies the scopes for which you want to request authorization. These must be separated by a space. |
state | An opaque arbitrary alphanumeric string your app adds to the initial request that Auth0 includes when redirecting back to your application. |
If the request has succeeded, you receive an HTTP 302 response. The authorization code is included at the end of the URL:
```
HTTP/1.1 302 Found
Location: {https://yourApp/callback}?code={authorizationCode}&state=xyzABC123
```
Request tokens
This Authorization Code is to be exchanged for tokens. You need to POST the extracted Authorization Code (code) from the previous step to the token URL.
```
curl --request POST \
  --url 'https://{yourDomain}/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=authorization_code \
  --data 'client_id={yourClientId}' \
  --data 'client_secret={yourClientSecret}' \
  --data 'code={yourAuthorizationCode}' \
  --data 'redirect_uri={https://yourApp/callback}'
```
Parameter Name | Description |
---|---|
grant_type | Set this to authorization_code. |
code | The Authorization Code received from the previous step. |
client_id | Your application's Client ID. |
client_secret | Your application's Client Secret. |
redirect_uri | The valid callback URL set in your Application settings. This must exactly match the redirect_uri passed to the authorization URL in the previous step. It must be URL encoded. |
If the request has succeeded, you receive an HTTP 200 response with a payload containing access_token, refresh_token, id_token, and token_type values:
```
{
  "access_token": "eyJz93a...k4laUWw",
  "refresh_token": "GEbRxBN...edjnXbL",
  "id_token": "eyJ0XAi...4faeEoQ",
  "token_type": "Bearer"
}
```
ID tokens contain user information that must be decoded and extracted.
Access tokens are used to call the Auth0 Authentication API's /userinfo endpoint or another API. If you are calling your own API, then your API needs to verify the Access token.
Refresh tokens are used to obtain a new access token or ID token after the previous one has expired. The refresh_token is only present in the response if you include the offline_access scope.
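The two steps above (build the /authorize URL, then exchange the code at /oauth/token) as one server-side helper. This is an added example, not U-Assist or Auth0 code; the domain, client ID, callback URL and audience values in it are placeholders, and the state check in parse_callback is the part that ties the callback back to the session that started the flow.

```python
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

def new_state() -> str:
    # Unguessable opaque value; store it in the user's session before redirecting.
    return secrets.token_urlsafe(32)

def build_authorize_url(domain, client_id, redirect_uri, scope, state, audience):
    # Builds the /authorize URL described above; audience names the API to be called.
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,  # space-separated; include offline_access to get a refresh_token
        "state": state,
        "audience": audience,
    }
    return f"https://{domain}/authorize?" + urlencode(params)

def parse_callback(location, expected_state):
    # Pulls the code out of the 302 Location URL only if the echoed state matches the session's.
    qs = parse_qs(urlparse(location).query)
    state = qs.get("state", [""])[0]
    if not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: discard this callback")
    if "error" in qs:
        raise ValueError("authorization failed: " + qs["error"][0])
    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def token_request_body(client_id, client_secret, code, redirect_uri):
    # Form fields for POST /oauth/token; redirect_uri must match the /authorize one exactly.
    return {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
    }

def exchange_code(domain, client_id, client_secret, code, redirect_uri):
    # Server-side exchange so the client_secret never reaches the browser; returns the JSON payload.
    body = urlencode(token_request_body(client_id, client_secret, code, redirect_uri)).encode()
    headers = {"content-type": "application/x-www-form-urlencoded"}
    req = urllib.request.Request(f"https://{domain}/oauth/token", data=body, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)
```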
Response and Error Codes
Response and Error Code | Description |
---|---|
401 | Authentication failed. This response code is returned if any of the following scenarios occur: |