This article is part of the article series
Setting up OAuth 2.0 - Introduction
In the previous step you asked the end user for permission. By giving you permission, the end user authorizes you to use his/her Twinfield account on his/her behalf. By now you should have received an authorization code from Twinfield. If you haven't received the authorization code, please repeat the previous step before you continue:
Ask the end user for permission
In this step you will give the authorization code back to Twinfield. In exchange, Twinfield will give you a refresh token.
Good to know: A refresh token is a unique token that belongs to one end user and one specific organization. It's valid for 25 years. You can only connect to Twinfield's API when you have an access token. Access tokens are valid for only 1 hour. You can use the refresh token to generate as many access tokens as you like for the next 25 years. If you have 100 end users, then you will have 100 unique refresh tokens. Store the refresh token in a safe place. If you lose it, you will have to ask the end user for permission again.
To give the authorization code back to Twinfield you will need to send a POST request to this endpoint:
https://login.twinfield.com/auth/authentication/connect/token
In the previous step you sent along your client ID in the URL when you asked the end user for permission. The authorization code is therefore connected to your client ID. You are now giving the authorization code back to Twinfield. Twinfield will only accept your authorization code when you can prove to Twinfield that you are the owner of your client ID. You can prove this by sending along an authorization string. Please refer to this article:
How to create an authorization string
Use the table below for the headers that you need to send along in your POST request.
Use the table below for the body that you need to send along in your POST request:
Body | Value |
---|---|
code | Use the authorization code. |
grant_type | Use this value: authorization_code |
redirect_uri | Enter the redirect URL that you chose while registering your client ID. If you use a different redirect URL than the one you registered, you will receive an error. |
If Twinfield accepts your authorization code and string, you should receive a reply like this:
{
  "id_token": "eyJ0eXAiOiJKV1QiLCJhbG################v3f3ug",
  "access_token": "1a86##########5a7654",
  "expires_in": 3600,
  "token_type": "Bearer",
  "refresh_token": "077e5##########722"
}
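The request and reply described above, as an added Python example (not Twinfield's own code). It builds the POST without sending it, validates a reply, and writes the refresh token to an owner-only file; the function names, the sample reply and the header names (taken from the standard OAuth 2.0 token request, RFC 6749) are assumptions, and the authorization string is passed in ready-made.

```python
import json, os, time, urllib.parse, urllib.request

TOKEN_URL = "https://login.twinfield.com/auth/authentication/connect/token"

def build_token_request(code, redirect_uri, authorization_string):
    """Build (not send) the POST that trades the authorization code for tokens."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the registered redirect URL
    }).encode("ascii")
    headers = {
        # Assumption: RFC 6749 header names; the page's header table is not shown.
        "Authorization": authorization_string,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # urllib.request.urlopen(request) would send it over HTTPS.
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")

def parse_token_response(raw, now=None):
    """Validate the reply and return only the fields worth keeping."""
    reply = json.loads(raw)
    missing = {"access_token", "refresh_token", "expires_in", "token_type"} - set(reply)
    if missing:
        raise ValueError(f"token reply is missing: {sorted(missing)}")
    if reply["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return {
        "access_token": reply["access_token"],
        "refresh_token": reply["refresh_token"],
        "access_expires_at": now + int(reply["expires_in"]),  # 3600 s = 1 hour
    }

def store_refresh_token(path, refresh_token):
    """Write the long-lived refresh token to a file only the owner can read."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(refresh_token)
    os.chmod(path, 0o600)  # also tightens a file that already existed

# Constructed sample reply in the shape shown above (all values are made up).
SAMPLE_REPLY = json.dumps({
    "id_token": "constructed.id.token", "access_token": "constructed-access",
    "expires_in": 3600, "token_type": "Bearer", "refresh_token": "constructed-refresh",
})
```

Keep one stored refresh token per end user and organization, and keep the access token and the `id_token` out of logs.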
In the attachment of the introduction article you will find a Postman collection that contains an example of this POST request:
Setting up OAuth 2.0 - Introduction
You might also be interested in this article:
Can I find code snippets for C#, PHP and other languages?
Store the refresh token in a safe place and continue to the next step:
Request an access token