Getting a bearer token

To obtain barear token access_token additionally this tutorial contain flow for offline_access which allows you to refresh access token, you have to :

  1. At the beginning, you have to specify client_id which is your app id, and scopes openid, profile, email, account are required one. Additionally if you want to be able to refresh access token then add offline_access. This step is usually what user will see.

    a. https://identity.justgiving.com/connect/authorize?client_id=68d9341b&response_type=code&scope=openid+profile+email+account+fundraise+offline_access&redirect_uri=http%3A%2F%2Flocalhost&nonce=ba3c9a58dff94a86aa633e71e6afc4e3

  2. When you obtain code from previous call you can call

    POST: /connect/token

    HOST: https://identity.justgiving.com

    Authorization: Basic {yourBase64EncodedCredentials in form appId:secret key}

    Encoded form parameters : grant_type = authorization_code, code = code_from_previouse_call, redirect_uri = redirects_uri

    Response should be : "{\"id_token\":\"Very long token\",\"access_token\":\"access token to use for api call\",\"expires_in\":3600,\"token_type\":\"Bearer\",\"refresh_token\":\"refresh token required for next call\"}"

  3. Now you can call any of authorized resources that user gave access i.e

    GET: /account

    HOST: https://api.justgiving.com

    Authorization: Bearer {access_token}

    Headers : x-application-key : secret_key

  4. Now if you want to refresh expired token, take refresh_token and call :

    POST: /connect/token

    HOST: https://identity.justgiving.com

    Authorization: Basic {yourBase64EncodedCredentials}

    Encoded form parameters : grant_type = authorization_code, refresh_token = token from previous call, redirect_uri = redirect uri

    Response should be : "{\"access_token\":\"access token to use for api call\",\"expires_in\":3600,\"token_type\":\"Bearer\",\"refresh_token\":\"refresh token\"}"

1 Comments

  • 1
    Avatar
    Terry W

    How do I get this "secret key" which all your documentation seems to mention for oAuth, as I'm unable to find one for my application?

    Is it something I generate myself?

Please sign in to leave a comment.