Client-Side Web Applications - Implicit Grant

In order to access our API from client-side web applications, such as a Single Page Application, you’ll need to implement the Implicit Grant OAuth2 flow.

This authorization flow is a one-step process:

  • Request an access token

1. Authorize the user

Redirect the user to the /authorize endpoint. The user will authenticate and grant your application access for the requested scopes.

https://auth.homelyfe.com/authorize?
audience=API_IDENTIFIER&
scope=SCOPE&
response_type=token&
client_id=CLIENT_ID&
redirect_uri=REDIRECT_URI&
nonce=NONCE&
state=STATE

Request Parameters

| Parameter | Value |
| --- | --- |
| audience | The API you are requesting access for (API Base URL). |
| scope | The scopes that you want to request authorization for. Each scope must be separated by a space. |
| response_type | token |
| client_id | Your application’s Client ID (provided by Aventus when you registered your application). |
| redirect_uri | The redirect_uri of your application, where authentication responses will be sent. The redirect URI must exactly match one of the callback URLs provided when registering your application. |
| nonce | A string token which will be included in the ID token response; this is used to prevent token replay attacks. |
| state | A randomly generated unique value included in the request that is also returned in the token response; this is used to prevent cross-site request forgery attacks. |

Response

At this point, the user is asked to enter their credentials and consent to the scopes requested by your application. After the user has granted consent to your application, Aventus sends a response to the redirect_uri with the access_token in the hash fragment.

https://REDIRECT_URI#access_token=TOKEN&state=STATE&token_type=TOKEN_TYPE&expires_in=EXPIRES_IN

| Parameter | Description |
| --- | --- |
| access_token | The requested access token as a signed JSON Web Token (JWT). Your application can use this token to access the Aventus Platform API. |
| state | The state parameter sent in the response should be the same value sent in the request. It is good practice to verify that the state values in the request and response are identical. |
| token_type | Indicates the token type. The only token type supported by the Aventus Platform is Bearer. |
| expires_in | How long the access token is valid (in seconds). |
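
The request and response handling described above, as an added example in browser JavaScript (not Aventus code). The function names, the hex encoding of state and nonce, and the decision to throw on a state mismatch or a non-Bearer token_type are assumptions of the example.

```javascript
// Added example; function names and sample values are hypothetical.
const AUTHORIZE_ENDPOINT = "https://auth.homelyfe.com/authorize";

// 128 bits from the browser CSPRNG, hex-encoded. Use a fresh value for
// state and another for nonce on every authorization request.
function randomToken() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the /authorize URL. Store `state` (e.g. in sessionStorage) before
// redirecting so the callback page can compare against it.
function buildAuthorizeUrl({ audience, scopes, clientId, redirectUri, state, nonce }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.search = new URLSearchParams({
    audience,
    scope: scopes.join(" "), // scopes are space-separated
    response_type: "token",
    client_id: clientId,
    redirect_uri: redirectUri, // must exactly match a registered callback URL
    nonce,
    state,
  }).toString();
  return url.toString();
}

// Parse location.hash on the callback page. The token is returned only if
// state matches the stored value, so a forged redirect is discarded.
function parseCallback(hash, expectedState) {
  const params = new URLSearchParams(hash.replace(/^#/, ""));
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch: response does not belong to this session");
  }
  if ((params.get("token_type") || "").toLowerCase() !== "bearer") {
    throw new Error("unsupported token_type");
  }
  const accessToken = params.get("access_token");
  const expiresIn = Number(params.get("expires_in"));
  if (!accessToken || !Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error("malformed token response");
  }
  // Absolute expiry lets the app stop using the token once it lapses.
  return { accessToken, expiresIn, expiresAt: Date.now() + expiresIn * 1000 };
}
```

On the callback page, call `parseCallback(location.hash, storedState)` and then clear the fragment (for example with `history.replaceState`) so the access token does not remain in the address bar or browser history.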