Authentication

OAuth 2.0

Authentication for the backend users is done through OAuth 2.0 - specifically using the implicit grant.

Laravel Passport is used to implement this.

Token Lifetime

Token          Lifetime
access_token   18 months

Steps to Obtain an Access Token

  1. Register your application as a client (this is a manual process and must be carried out by a developer upon request)

  2. Forward your user to the authorisation endpoint, which will then redirect the user back to your application's endpoint with the access token:

      const parameters = [
        "client_id=1", // Change this to the client ID for your application
        "redirect_uri=https%3A%2F%2Fexample.com", // Change this to the redirect URI you associated with your application when registering it
        "response_type=token"
      ];
      const query = parameters.join("&");
      window.location.href = `https://api.connectedkingston.uk/oauth/authorize?${query}`;

  3. Set up logic on the redirect_uri route which parses the access token and stores it for use (the token is returned in the URL fragment, after the #, and not as part of the query string):

      // This working example will parse everything after the # and return the key/value pairs as an object
      function parseQueryString(url) {
        let query = url.substring(url.indexOf("#") + 1);
        let e,
          a = /\+/g, // Regex for replacing addition symbol with a space
          r = /([^&;=]+)=?([^&;]*)/g,
          d = function(s) {
            return decodeURIComponent(s.replace(a, " "));
          },
          q = query,
          urlParams = {};

        /* jshint ignore:start */
        while ((e = r.exec(q))) {
          urlParams[d(e[1])] = d(e[2]);
        }
        /* jshint ignore:end */

        return urlParams;
      }
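
Steps 2 and 3 together, as an added example that is not part of the original documentation: it extends the flow with the OAuth 2.0 state parameter, so the redirect handler only accepts a response to a request this browser started, and removes the token from the address bar once it has been read. The function names and the sessionStorage key are assumptions; the endpoint and the other parameters are the ones shown above.

```javascript
// Added example, not the project's own code. Function names and the
// "oauth_state" storage key are assumptions made for illustration.
const AUTHORIZE_URL = "https://api.connectedkingston.uk/oauth/authorize";

// Unpredictable per-login value that the server echoes back unchanged.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, b => b.toString(16).padStart(2, "0")).join("");
}

function buildAuthorizeUrl(clientId, redirectUri, state) {
  const query = new URLSearchParams({
    client_id: String(clientId),
    redirect_uri: redirectUri, // URLSearchParams percent-encodes this
    response_type: "token",
    state
  });
  return `${AUTHORIZE_URL}?${query}`;
}

// Returns the access token from the redirect URL's fragment, or throws.
function readTokenFromRedirect(href, expectedState) {
  const hashAt = href.indexOf("#");
  if (hashAt === -1) throw new Error("no fragment in redirect URL");
  const params = new URLSearchParams(href.slice(hashAt + 1));
  // RFC 6749 section 4.2.2.1: implicit grant errors arrive in the fragment.
  if (params.has("error")) throw new Error(`authorisation failed: ${params.get("error")}`);
  if (!expectedState || params.get("state") !== expectedState) throw new Error("state mismatch");
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in fragment");
  return token;
}

// Step 2 in the browser: remember the state, then leave for the server.
function startLogin(clientId, redirectUri) {
  const state = newState();
  sessionStorage.setItem("oauth_state", state);
  window.location.href = buildAuthorizeUrl(clientId, redirectUri, state);
}

// Step 3 in the browser: validate, then drop the fragment from the URL bar.
function finishLogin() {
  const expected = sessionStorage.getItem("oauth_state");
  sessionStorage.removeItem("oauth_state"); // a state value is single use
  const token = readTokenFromRedirect(window.location.href, expected);
  history.replaceState(null, "", window.location.pathname + window.location.search);
  return token;
}
```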