Always Learning


This use case describes the step-by-step process to submit an API request using the OAuth 2.0-Password protocol.

Libraries & Sample Code

Reading the documentation is wise to better understand how to create a signature and use it in a request. To make implementation easier, we have the LearningStudio Libraries that can generate a signature for a request, and even fire the request handling authentication behind the scenes. If you want to roll your own code, check out the OAuth 2 sample code for working examples.

Build and Submit Sequence

Click the link to open the referenced content.

Step Notes

1. User logins into application with username and password.

2. Application builds the request body using the username/password and requests the access and refresh tokens for the user.

POST /token

Application must have a valid application ID and Educational Partner client string.

3. Application saves the access and refresh tokens that were returned in the response body. It also starts tracking how much time is left until the access token expires.

Request OAuth 2.0 Tokens - Response Body for Initial Password Authentication

4. Application adds the access token to either the X-Authorization or the Cookie parameter in the request header for all subsequent API requests made for the user.

Using OAuth 2.0 Authorization Tokens

5. When the access token is due to expire, application builds the request body using the saved refresh token and requests new access and refresh tokens.

POST /token

6. Application can repeat steps 3 through 5 as many times as necessary to support the user in the current application session. Be sure to use only the latest set of access and refresh tokens.

The use case for Submit API Request Using OAuth 2.0-Password is finished.

6023 reads
Always Learning