This OAuth2 Guide provides information about Sequencing.com's OAuth2 system. Our simple yet secure OAuth2 system is used to authenticate apps with our API.
Sequencing.com uses the industry standard OAuth2 protocol for authentication. If you are interested in details, please refer to our explanation on our Github page.
Sequencing.com provides libraries, code snippets / sample code and plugins for implementing Authentication and all components of the +RTP API.
- Please visit https://github.com/SequencingDOTcom to view our repositories and access the code.
Authentication flow
Sequencing.com uses the standard OAuth approach, which enables third-party applications to obtain limited access to user accounts on an HTTP service without ever seeing the user's password. OAuth acts as an intermediary on behalf of the end user, providing the application with an access token that authorizes specific account information to be shared.
Steps
Step 1: Authorization Code Link
First, the user is given an authorization code link that looks like the following:
https://sequencing.com/oauth2/authorize?redirect_uri=REDIRECT_URL&response_type=code&state=STATE&client_id=CLIENT_ID&scope=SCOPES
Here is an explanation of the link components:
- https://sequencing.com/oauth2/authorize: the API authorization endpoint
- client_id=CLIENT_ID: the application's client ID (how the API identifies the application)
- redirect_uri=REDIRECT_URL: where the service redirects the user-agent after an authorization code is granted
- response_type=code: specifies that your application is requesting an authorization code grant
- scope=CODES: specifies the level of access that the application is requesting
The screenshot below shows the authorization dialog that is displayed when the link above is followed.
Step 2: User Authorizes Application
When the user clicks the link, they must first log in to the service to authenticate their identity (unless they are already logged in). They are then prompted by the service to authorize or deny the application access to their account. Here is an example of the authorize-application prompt:
Step 3: Application Receives Authorization Code
If the user clicks "Authorize Application", the service redirects the user-agent to the application redirect URI, which was specified during the client registration, along with an authorization code. The redirect would look something like this (assuming the application is "php-oauth-demo.sequencing.com"):
https://php-oauth-demo.sequencing.com/index.php?code=AUTHORIZATION_CODE
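The two client-side halves of steps 1 to 3, building the authorization link and handling the redirect back, as an added example in Python (not code from Sequencing.com's repositories). It uses only the endpoint and parameter names shown above; the client ID, redirect URI and scope strings are placeholders, and the in-memory dictionary stands in for the user's server-side session. The point it adds to the text is the `state` check: the application generates an unguessable `state`, remembers it, and on the callback only accepts an authorization code whose echoed `state` matches one it issued and has not already consumed.

```python
import secrets
from typing import Dict, Optional
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://sequencing.com/oauth2/authorize"  # step 1 endpoint

# state values this app has issued, mapped to the redirect_uri they were issued for.
# A real app keeps this in the logged-in user's server-side session; a module-level
# dict stands in for it here (assumption) so the example runs stand-alone.
_pending_states: Dict[str, str] = {}


def query_param(url: str, name: str) -> Optional[str]:
    """Return the first value of a query parameter in `url`, or None if absent."""
    values = parse_qs(urlparse(url).query).get(name)
    return values[0] if values else None


def build_authorize_url(client_id: str, redirect_uri: str, scope: str) -> str:
    """Step 1: build the authorization link with a fresh, unguessable state value."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending_states[state] = redirect_uri
    params = {
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": state,
        "client_id": client_id,
        "scope": scope,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url: str) -> Optional[str]:
    """Step 3: extract the authorization code from the redirect back to the app.

    The code is returned only when the echoed state matches one this app issued
    and has not been used before. Any other case yields None, so the caller stops
    the flow instead of exchanging a code that did not originate from this session.
    """
    state = query_param(callback_url, "state")
    code = query_param(callback_url, "code")
    if state is None or code is None:
        return None
    # pop() makes each state single-use: a replayed callback is rejected
    if _pending_states.pop(state, None) is None:
        return None
    return code


if __name__ == "__main__":
    redirect = "https://php-oauth-demo.sequencing.com/index.php"
    link = build_authorize_url("CLIENT_ID", redirect, "SCOPES")
    print(link)
    issued = query_param(link, "state")
    callback = f"{redirect}?code=AUTHORIZATION_CODE&state={issued}"
    print(parse_callback(callback))  # the code, state accepted once
    print(parse_callback(callback))  # None, state already consumed
```

A callback carrying no `state`, a `state` the application never issued, or a `state` that was already used all return None; only the first callback with a matching `state` yields the code for step 4.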
Step 4: Application Requests Access Token
The application requests an access token from the API by passing the authorization code, along with authentication details including the client secret, to the API token endpoint. Here is an example POST request to the Sequencing.com token endpoint:
https://sequencing.com/oauth2/token
The following POST parameters have to be sent:
- grant_type='authorization_code'
- code=AUTHORIZATION_CODE (where AUTHORIZATION_CODE is a code acquired in a "code" parameter in the result of redirect from Sequencing.com)
- redirect_uri=REDIRECT_URL (where REDIRECT_URL is the same URL as the one used in step 1)
Include the following header:
Authorization: Basic base64_encode([your-client-id] . ':' . [your-client-secret])
Note: if you experience any issue with Step 4, please make sure that you have added the "Authorization" header to the request.
Step 5: Application Receives Access Token
If the authorization is valid, the API will send a JSON response containing the access token to the application.
Step 6: Token expires and needs to be refreshed
If the OAuth access token has expired, it may be refreshed by making a request to the OAuth server and passing in the refresh token, as shown below.
https://sequencing.com/oauth2/authorize?grant_type=refresh_token&refresh_token=your-oauth-token
Include the following header:
Authorization: Basic base64_encode([your-client-id] . ':' . [your-client-secret])
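The back-channel half of the flow, steps 4 to 6, as an added Python example that is not part of this guide or of Sequencing.com's code. It builds the token request and the refresh request exactly as the guide lists them (the refresh URL is the one given in step 6; the HTTP method for the refresh call is not stated in the guide, so POST is an assumption here) and shows the `Authorization: Basic` header being constructed and decoded. The sample token response is constructed for the example; the guide only promises a JSON body containing the access token. These requests carry the client secret, so they belong on the application's server, never in browser-side code.

```python
import base64
import json
import urllib.request
from typing import Tuple
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://sequencing.com/oauth2/token"        # step 4
REFRESH_ENDPOINT = "https://sequencing.com/oauth2/authorize"  # step 6, as given in the guide

# Constructed sample response for the stand-alone demo (not captured from the API).
SAMPLE_TOKEN_RESPONSE = b'{"access_token": "EXAMPLE_ACCESS_TOKEN", "token_type": "bearer"}'


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Header value from steps 4 and 6: 'Basic ' + base64(client_id ':' client_secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(value: str) -> Tuple[str, str]:
    """Inverse of basic_auth_header, useful for checking what a request carries."""
    scheme, _, encoded = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    client_id, _, client_secret = base64.b64decode(encoded).decode("utf-8").partition(":")
    return client_id, client_secret


def build_token_request(client_id: str, client_secret: str, code: str,
                        redirect_uri: str) -> urllib.request.Request:
    """Step 4: POST the authorization code; client credentials go in the header,
    and redirect_uri must equal the one used in step 1."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    req = urllib.request.Request(TOKEN_ENDPOINT, data=body, method="POST")
    req.add_header("Authorization", basic_auth_header(client_id, client_secret))
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def build_refresh_request(client_id: str, client_secret: str,
                          refresh_token: str) -> urllib.request.Request:
    """Step 6: the refresh URL exactly as the guide shows it, plus the same header.
    The HTTP method is not given in the guide; POST is assumed here."""
    query = urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})
    req = urllib.request.Request(f"{REFRESH_ENDPOINT}?{query}", method="POST")
    req.add_header("Authorization", basic_auth_header(client_id, client_secret))
    return req


def parse_token_response(body: bytes) -> dict:
    """Step 5: parse the JSON body and insist on an access_token being present,
    so an error body is never mistaken for a token."""
    data = json.loads(body.decode("utf-8"))
    if not isinstance(data, dict) or "access_token" not in data:
        raise ValueError("token response has no access_token")
    return data


if __name__ == "__main__":
    req = build_token_request("your-client-id", "your-client-secret",
                              "AUTHORIZATION_CODE", "https://php-oauth-demo.sequencing.com/index.php")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data)
    # A real call would be: urllib.request.urlopen(req).read(); the sample stands in.
    print(parse_token_response(SAMPLE_TOKEN_RESPONSE)["access_token"])
    print(build_refresh_request("your-client-id", "your-client-secret", "your-oauth-token").full_url)
```

Sending either request is a plain `urllib.request.urlopen(req)`; if a step 4 call fails, `req.get_header("Authorization")` shows whether the header the note above refers to is actually attached.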