OAuth2 Client Authorization

1. The user agent (browser) accesses the application, on e.g. https://my.application, and is redirected to the Argus OAuth authorization page.
2. If not logged into Argus, the user is redirected to the Argus login page, and then back to the OAuth authorization page.
3. If the current user is permitted to access the specified client, Argus issues an authorization code, and redirects the user back to the
4. The external application uses the authorization code to authenticate against Argus, using a form URL-encoded

   curl -XPOST https://api.mnemonic.no/authentication/v1/oauth/token -d 'client_id=021269c5-04c3-4399-a206-32659c489803&client_secret=mySecretPassword&grant_type=authorization_code&code=b11f9f83-899b-42cb-a131-790d5a40247&redirect_uri=https://my.application/oauth/callback'

5. Argus returns a Bearer token to the client, which is a valid Argus user session with a short lifetime.
6. To use this token, the OAuth client must use an

   Authorization: Bearer someuser/Pheifoo1dainoofa1uede5booxe0ahQu

7. The OAuth client application can now use the Bearer header to issue API operations on behalf of the authorizing user.

The OAuth session must be refreshed within the refresh timeout. If the authorizing user is logged out at the time of refresh, the OAuth session will be rejected.

The OAuth session is constrained to the permissions of the authorizing user, in addition to the constraints imposed by configuration. The session will have the permissions which constitute the intersection of the user's permissions and the constraints configured on the client.
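The code exchange and Bearer usage described above, as an added example in Python (this is not mnemonic's or Argus's own client code). It uses the token endpoint, the form parameters and the `user/token` Bearer format from the documentation; the JSON response shape (`{"access_token": "..."}`), the injectable `post` transport, the `_fake_argus` stand-in and the `refresh_timeout` value passed to `needs_refresh` are assumptions, since the page does not specify the response body or a timeout value. The secret and code are sent in the POST body, the redirect_uri is required to be https, and the token is never written to a log.

```python
"""Authorization-code exchange against the Argus token endpoint (added example)."""
import json
import time
from urllib.parse import urlencode, urlparse
from urllib.request import Request, urlopen

# Token endpoint from the documentation above.
TOKEN_URL = "https://api.mnemonic.no/authentication/v1/oauth/token"


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Return (url, headers, body) for the form URL-encoded code exchange.

    Secret and code go in the POST body rather than the query string, so they
    stay out of proxy and web-server access logs. redirect_uri must be the same
    https URL the authorization request used.
    """
    if urlparse(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must be an https URL")
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_URL, headers, body


def _urllib_post(url, headers, body):
    """Default transport: a real HTTPS POST with urllib."""
    with urlopen(Request(url, data=body, headers=headers, method="POST")) as resp:
        return resp.read()


def exchange_code(client_id, client_secret, code, redirect_uri, post=_urllib_post):
    """POST the exchange and return the bearer token string ("user/token").

    `post(url, headers, body) -> bytes` is injectable so the flow can be run
    offline. The JSON shape {"access_token": "..."} is an assumption; the
    documentation only states that a Bearer token is returned.
    """
    url, headers, body = build_token_request(client_id, client_secret, code, redirect_uri)
    payload = json.loads(post(url, headers, body))
    token = payload.get("access_token")
    # Argus bearer values carry the user name in front of the secret part.
    if not isinstance(token, str) or "/" not in token:
        raise ValueError("token endpoint did not return a user/token bearer value")
    return token


def bearer_headers(token):
    """Authorization header for API calls on behalf of the authorizing user.

    Keep the returned dict out of log statements: the token is a live session.
    """
    return {"Authorization": "Bearer " + token}


def needs_refresh(issued_at, now, refresh_timeout, margin=60):
    """True once the session should be refreshed to stay inside the refresh timeout.

    `refresh_timeout` is in seconds; the documentation gives no value, so the
    caller supplies it. `margin` leaves time for the refresh call itself.
    """
    return now - issued_at >= refresh_timeout - margin


def _fake_argus(url, headers, body):
    """Constructed stand-in for the token endpoint, used by main() only."""
    assert url == TOKEN_URL and headers["Content-Type"] == "application/x-www-form-urlencoded"
    assert b"grant_type=authorization_code" in body
    return json.dumps({"access_token": "someuser/Pheifoo1dainoofa1uede5booxe0ahQu"}).encode()


def main():
    token = exchange_code(
        "021269c5-04c3-4399-a206-32659c489803",  # client_id from the documentation
        "mySecretPassword",
        "b11f9f83-899b-42cb-a131-790d5a40247",   # authorization code from the documentation
        "https://my.application/oauth/callback",
        post=_fake_argus,
    )
    print(bearer_headers(token))
    issued = time.time()
    print("refresh now?", needs_refresh(issued, issued, refresh_timeout=600))


if __name__ == "__main__":
    main()
```

Run with `python3 argus_oauth.py` (file name assumed) to see the exchange against the constructed stand-in; pass no `post` argument to talk to the real endpoint. Because the session inherits only the intersection of the user's permissions and the client's configured constraints, a client should treat an authorization error on an API call as expected rather than retrying the exchange.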