Authorization Request
The client constructs the request URI by adding the following parameters to the query component of the authorization endpoint URI using the “application/x-www-form-urlencoded” format, per Appendix B of RFC 6749:
Key | Required | Description |
---|---|---|
response_type | Yes | Value MUST be set to “sid” |
The client makes a request to the constructed URI.
For example, the client makes the following HTTP request using TLS:
```http
GET /authorize?response_type=sid HTTP/1.1
Host: server.example.com
```
The authorization server validates the request to ensure that all required parameters are present and valid.
Authorization Response
The authorization server issues a Stratis ID URI and delivers it to the client by returning a response code of 200 OK with a “text/plain” body. An example successful response:
```http
HTTP/1.1 200 OK
Content-Type: text/plain

"sid:app.opdex.com/v1/ssas?uid=KI1VrzERA5mbGb6irCLmIn-T2HmBe0YxhdcxP9pbEF_Ii9gVmPSw-LtIatqKhhXzlD3-lFcD38-LKlvuNdcjug&exp=1651235800"
```
Access Token Request
The client makes a request to the token endpoint by adding the following parameters using the “application/x-www-form-urlencoded” format per Appendix B of RFC 6749 with a character encoding of UTF-8 in the HTTP request entity-body:
Key | Required | Description |
---|---|---|
grant_type | Yes | Value MUST be set to “sid” |
sid | Yes | The Stratis ID string received from the authorization response |
public_key | Yes | Blockchain address whose key produced the signature |
signature | Yes | Signature over the Stratis ID string, produced with the key of public_key |
For example, the client makes the following HTTP request using TLS. Because the Stratis ID itself contains “?”, “&” and “=”, it MUST be percent-encoded as a form value; sending it raw would split it into separate parameters:
```http
POST /token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=sid&sid=sid%3Aapp.opdex.com%2Fv1%2Fssas%3Fuid%3DKI1VrzERA5mbGb6irCLmIn-T2HmBe0YxhdcxP9pbEF_Ii9gVmPSw-LtIatqKhhXzlD3-lFcD38-LKlvuNdcjug%26exp%3D1651235800&public_key=&signature=
```
The authorization server MUST:
- validate the Stratis ID: it was issued by this server, is well formed, and its exp has not passed
- verify that public_key is a valid address
- verify that signature is a valid signature over the Stratis ID by the key behind public_key
- issue the token only if every check above, including signature verification, succeeds
A signed Stratis ID is a bearer credential until its exp: anyone who captures the token request can resubmit it, so the server should accept each Stratis ID only once and keep the exp window short.
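The whole exchange end to end, as an added example that is not code from this page or from the Opdex/Stratis project: the authorization endpoint mints a Stratis ID, the client signs it and form-encodes the token request, and the token endpoint runs the checks listed above. The page does not specify the wallet's signing scheme or how the server turns an address into a verification key, so the example assumes P-256 ECDSA from Go's standard library and carries a DER-encoded public key in `public_key` (the address check becomes "is a valid P-256 key"); `sidAuthority`, `newWalletKey`, `issueSID`, `parseSID`, `buildTokenRequest`, `handleTokenRequest` and the single-use `redeemed` map are the example's own names and assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"time"
)

const sidAuthority = "app.opdex.com/v1/ssas" // assumed issuer authority, from the page's example
// newWalletKey stands in for the user's wallet key (P-256 here, an assumption of the example).
func newWalletKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// issueSID (authorization endpoint): a random 64-byte uid in base64url plus an exp timestamp.
func issueSID(now time.Time, ttl time.Duration) string {
	nonce := make([]byte, 64)
	rand.Read(nonce) // crypto/rand.Read does not fail on supported platforms
	uid := base64.RawURLEncoding.EncodeToString(nonce)
	return fmt.Sprintf("sid:%s?uid=%s&exp=%d", sidAuthority, uid, now.Add(ttl).Unix())
}

// parseSID checks scheme, authority, uid and exp of a Stratis ID and returns its uid.
func parseSID(sid string, now time.Time) (string, error) {
	prefix := "sid:" + sidAuthority + "?"
	q, err := url.ParseQuery(strings.TrimPrefix(sid, prefix))
	if !strings.HasPrefix(sid, prefix) || err != nil || q.Get("uid") == "" {
		return "", errors.New("malformed Stratis ID")
	}
	exp, err := strconv.ParseInt(q.Get("exp"), 10, 64)
	if err != nil || now.Unix() >= exp {
		return "", errors.New("missing exp or expired")
	}
	return q.Get("uid"), nil
}

// buildTokenRequest (client): sign SHA-256(sid) with the wallet key and form-encode the fields,
// which percent-encodes the ?, & and = inside sid. Assumption of the example: public_key carries
// the DER public key and signature the ASN.1 ECDSA signature, both base64url.
func buildTokenRequest(priv *ecdsa.PrivateKey, sid string) (string, error) {
	digest := sha256.Sum256([]byte(sid))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) // cannot fail for a P-256 key
	form := url.Values{}
	form.Set("grant_type", "sid")
	form.Set("sid", sid)
	form.Set("public_key", base64.RawURLEncoding.EncodeToString(der))
	form.Set("signature", base64.RawURLEncoding.EncodeToString(sig))
	return form.Encode(), nil
}

// handleTokenRequest (token endpoint): the page's four checks, plus a single-use check on uid
// (an assumption, not on the page) so a captured signature cannot be replayed before exp.
func handleTokenRequest(body string, now time.Time, redeemed map[string]bool) (string, error) {
	form, err := url.ParseQuery(body)
	if err != nil || form.Get("grant_type") != "sid" {
		return "", errors.New("invalid_request: malformed body or unsupported grant_type")
	}
	uid, err := parseSID(form.Get("sid"), now)
	if err != nil {
		return "", fmt.Errorf("invalid_grant: %w", err)
	}
	if redeemed[uid] {
		return "", errors.New("invalid_grant: Stratis ID already redeemed")
	}
	der, derErr := base64.RawURLEncoding.DecodeString(form.Get("public_key"))
	key, keyErr := x509.ParsePKIXPublicKey(der)
	pub, ok := key.(*ecdsa.PublicKey)
	if derErr != nil || keyErr != nil || !ok || pub.Curve != elliptic.P256() {
		return "", errors.New("invalid_request: public_key is not a valid P-256 key")
	}
	sig, sigErr := base64.RawURLEncoding.DecodeString(form.Get("signature"))
	digest := sha256.Sum256([]byte(form.Get("sid")))
	if sigErr != nil || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("invalid_grant: signature does not verify")
	}
	redeemed[uid] = true // token is issued only after every check has passed
	tok := make([]byte, 16)
	rand.Read(tok)
	return base64.RawURLEncoding.EncodeToString(tok), nil
}

func main() {
	body, _ := buildTokenRequest(newWalletKey(), issueSID(time.Now(), 5*time.Minute))
	fmt.Println(handleTokenRequest(body, time.Now(), map[string]bool{}))
}
```

`go run` prints a fresh access_token value; a real token endpoint would wrap it in the Section 5.1 JSON response shown below. Submitting the same body a second time, an expired Stratis ID, or a signature made over a different Stratis ID all return an error, and `url.Values.Encode` is what keeps the `?`, `&` and `=` inside the sid from being misread as parameter separators.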
Access Token Response
If the access token request is valid and authorized, the authorization server issues an access token and optional refresh token as described in Section 5.1 of RFC 6749. If the request failed client authentication or is invalid, the authorization server returns an error response as described in Section 5.2 of RFC 6749.
An example successful response:
```http
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"example",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "example_parameter":"example_value"
}
```