Security
Documentation explaining security features and practices relevant to the AgSync API.
Authentication
AgSync leverages an implementation of the OpenID Connect specification. OpenID Connect is an identity layer on top of the OAuth 2.0 Protocol. See OpenID Connect Documentation for more information about the specification.
Authorization Code Flow
This flow is used when the client does not want to create their own login page, but still wants refresh token ability. It is recommended to use this flow as the user only has to log in once and the refresh token can be used to retrieve access tokens going forward.
Implicit Flow
This implicit grant flow can be used by both web-based and native applications.
Hybrid Flow
This flow is a combination of the implicit flow and authorization code flow. It is used when the client does not want to create their own login page, but still wants refresh token ability. It is recommended to use this flow because the user only has to log in once and then the refresh token can be used to retrieve access tokens going forward.
Refresh Tokens
If one already has a refresh token and the access token has expired, one will need to get another access token using the refresh token. Call the token endpoint specified in the discovery document and pass the grant type and the token. Doing so will get a new access token.
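The refresh call described above, as an added example that is not AgSync's own code. The discovery URLs are constructed placeholders, the function names are hypothetical, and sending client credentials in the form body is an assumption about how the client is registered.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed discovery document; the URLs are placeholders, not AgSync's.
SAMPLE_DISCOVERY = {"issuer": "https://auth.example.test",
                    "token_endpoint": "https://auth.example.test/connect/token"}


def build_refresh_request(discovery, refresh_token, client_id, client_secret=None):
    """Build (without sending) the refresh_token grant POST."""
    endpoint = discovery["token_endpoint"]
    # A refresh token is a long-lived credential: never send it over plaintext.
    if urllib.parse.urlsplit(endpoint).scheme != "https":
        raise ValueError("token_endpoint must use https")
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "client_id": client_id}
    if client_secret is not None:
        # Assumption: client credentials are sent in the form body.
        form["client_secret"] = client_secret
    return urllib.request.Request(
        endpoint, data=urllib.parse.urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST")


def parse_token_response(body, current_refresh_token):
    """Return (access_token, refresh_token_to_store, expires_in) or raise."""
    doc = json.loads(body)
    if "error" in doc:
        # e.g. invalid_grant: the refresh token is expired or revoked, log in again.
        raise PermissionError(doc["error"])
    # If the server issues a new refresh token, it replaces the stored one.
    new_refresh = doc.get("refresh_token", current_refresh_token)
    return doc["access_token"], new_refresh, doc.get("expires_in")


def refresh(discovery, refresh_token, client_id, client_secret=None):
    """Send the request; needs network access to a real token endpoint."""
    req = build_refresh_request(discovery, refresh_token, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # OAuth errors arrive as an HTTP error status with a JSON body
    return parse_token_response(body, refresh_token)
```

Keep the refresh token out of logs and URLs; it only ever belongs in the POST body sent to the token endpoint.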
Supported Scopes
A list of scopes is available at the discovery endpoints listed in Authentication. Further descriptions of AgSync-specific supported scopes are listed below: