Skip to main content

Authentication

AgSync leverages an implementation of the OpenID Connect specification. OpenID Connect is an identity layer on top of the OAuth 2.0 Protocol. See OpenID Connect Documentation for more information about the specification.

OpenID Connect provides programming language specific examples:

A notable sample project for reference:

Obtaining Client Credentials

Implicit flow is used for authentication with AgSync using the server discovery page, client ID, and client secret. A client ID and secret may be obtained by contacting AgSync support.

The following information must be submitted to AgSync Support (apisupport@ravenind.com) prior to obtaining a client ID or secret:

  • Client name.
    • This is your name as you would like it displayed.
  • Client URI.
    • Uniform resource identifier (URI) or link to your website.
    • This link will be present under your logo on the AgSync Authentication page.
  • Logo URI.
    • This is a link to your logo. This will be shown on the Slingshot authentication page.
  • Flow type.
    • Either Implicit, Hybrid, or Authorization Code. See the below documentation for more information.
  • Redirect URIs.
    • This is a link to the token server. You must be using HTTPS
    • These are a list of the allowed locations in which a user will be redirected to after we respond to you with token information. See the OpenID specification for detailed information.
  • Do you require an Integration Partner ID on your token?
    • If required, the time needed for Slingshot to create an Authentication client will be much longer. Unless this is deemed necessary by Raven personnel, we suggest first creating the auth client without this option. If necessary, it can be added at a later point.
    • For more information, refer to the Integration Partners section.
  • Refresh token time.
    • Default refresh token times are listed below. If this is a problem, let us know and we will work to accommodate your special needs.
      • 15 day sliding refresh token time. If the refresh token is not used in 15 days, it is marked as invalid and you will need to retrieve a new token.
      • 1 year absolute expiration. A user is required to login within a year to re-authenticate your application.

Token Sequence Diagram

Diagram showing lifecycle of a token
Click anywhere to close.
Diagram showing lifecycle of a token
Click image to expand.

URI Locations for OpenID Connect Discovery

Locations for OpenID can be found below: