My authentication token
The authentication system is based on an authentication token called a JWT ("JSON Web Token"). It is represented by the following parameters:
- "access_token", an encrypted data set
- "token_type", the type of token; in the case of the Mindbaz REST API this is "Bearer"
- "expires_in", the token's lifetime in seconds
- "refresh_token", a temporary unique key (valid 7 days) that allows the "access_token" to be refreshed once it has expired
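To show what the token actually carries, here is an added example (Python, not Mindbaz's code) that decodes the sample access_token from the response shown further down this page. It reads the header and claims only: the HS256 signature can be verified only by the SSO, which holds the secret, so a client uses the claims to schedule a refresh, never to decide that a token is valid.

```python
import base64
import json

# access_token copied verbatim from the sample response on this page.
SAMPLE_ACCESS_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3Nzby5taW5kYmF6LmNvbSIsImlhdCI6MTYyMzY3MzI0MiwianRpIjoiNTAyNGUzYWYtZjM2Yi00OWU4LWEwZjMtOTBlOGVkZTRiOWI4IiwibmFtZSI6Imdsb3BlekBtaW5kYmF6LmNvbSIsInN1YiI6Imdsb3BlekBtaW5kYmF6LmNvbSIsImVtYWlsIjoiZ2xvcGV6QG1pbmRiYXouY29tIiwiZXhwIjoxNjIzNjc0NDQyLCJhdWQiOiJSZXN0QVBJIiwiY29va2V5IjoiYVU0MVp6UnhWRlJwUldFelYwWkRSRkJQYUZOU1FUMDkifQ.EOdHck1Pw9iL4UGN0Afso5GJ8mcHT_v5bmsyFm_MJkI"


def _b64url_decode(segment: str) -> bytes:
    """Decode one JWT segment; JWTs strip the base64url '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(token: str) -> dict:
    """Return the header/claims of a JWT and its lifetime in seconds.
    The signature (third segment) is NOT verified: with HS256 the key is the
    SSO's secret, so the client can only read claims, not prove them."""
    header_b64, claims_b64, signature_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(claims_b64))
    return {
        "alg": header["alg"],
        "issuer": claims["iss"],
        "audience": claims["aud"],
        "subject": claims["sub"],
        "lifetime_s": claims["exp"] - claims["iat"],  # matches expires_in (+1)
        "signature_bytes": len(_b64url_decode(signature_b64)),  # 32 for HS256
    }


def seconds_until_refresh(exp: int, now: int, margin: int = 10) -> int:
    """Seconds the access_token may still be reused before the client should
    send the refresh_token grant; the margin absorbs clock skew and latency."""
    return max(0, exp - margin - now)
```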
Where to get the JWT authentication token?
In order to get an authentication token, send a POST request to the authentication service at the following URL: https://sso.mindbaz.com/oauth2/token
The parameters to specify, in form-urlencoded format, are the following:

| Parameter name | Value |
|---|---|
| grant_type | password |
| username | User's login (provided during API account creation) |
| password | User's password (set by the API account holder) |
| client_id | 100 (be careful not to use the site ID corresponding to the ID of your database here!) |
The return generated by the API is in the following form:
```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3Nzby5taW5kYmF6LmNvbSIsImlhdCI6MTYyMzY3MzI0MiwianRpIjoiNTAyNGUzYWYtZjM2Yi00OWU4LWEwZjMtOTBlOGVkZTRiOWI4IiwibmFtZSI6Imdsb3BlekBtaW5kYmF6LmNvbSIsInN1YiI6Imdsb3BlekBtaW5kYmF6LmNvbSIsImVtYWlsIjoiZ2xvcGV6QG1pbmRiYXouY29tIiwiZXhwIjoxNjIzNjc0NDQyLCJhdWQiOiJSZXN0QVBJIiwiY29va2V5IjoiYVU0MVp6UnhWRlJwUldFelYwWkRSRkJQYUZOU1FUMDkifQ.EOdHck1Pw9iL4UGN0Afso5GJ8mcHT_v5bmsyFm_MJkI",
  "token_type": "bearer",
  "expires_in": 1199,
  "refresh_token": "71b3ca358b014f0b95c07e6dfb76fae2"
}
```
Querying the Mindbaz API
Once the token is retrieved, every call to the Mindbaz API must carry the 'access_token' value in the "Authorization" header of the request, preceded by the word "Bearer".

```javascript
// Build the Authorization header value: "Bearer " followed by the access_token
// (here read from a cookie with the js-cookie library's Cookies.get()).
const ACCESS_TOKEN = "Bearer " + Cookies.get("access_token");
const options = {
  headers: {
    Authorization: ACCESS_TOKEN
  }
};
```
Token expiration management
If the token has expired or is invalid, the response from the authentication service (SSO) will be "401 Unauthorized".
In this case, if you hold a previous token, you must "refresh" it by sending a request to the SSO authentication service at the following URL: https://sso.mindbaz.com/oauth2/token
The parameters to specify, in form-urlencoded format, are the following:

| Parameter name | Value |
|---|---|
| grant_type | refresh_token |
| refresh_token | User's refresh_token |
| client_id | 100 |
The return generated by the API is in the following form:
```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3Nzby5taW5kYmF6LmNvbSIsImlhdCI6MTYyMzY3MzI0MiwianRpIjoiNTAyNGUzYWYtZjM2Yi00OWU4LWEwZjMtOTBlOGVkZTRiOWI4IiwibmFtZSI6Imdsb3BlekBtaW5kYmF6LmNvbSIsInN1YiI6Imdsb3BlekBtaW5kYmF6LmNvbSIsImVtYWlsIjoiZ2xvcGV6QG1pbmRiYXouY29tIiwiZXhwIjoxNjIzNjc0NDQyLCJhdWQiOiJSZXN0QVBJIiwiY29va2V5IjoiYVU0MVp6UnhWRlJwUldFelYwWkRSRkJQYUZOU1FUMDkifQ.EOdHck1Pw9iL4UGN0Afso5GJ8mcHT_v5bmsyFm_MJkI",
  "token_type": "bearer",
  "expires_in": 1199,
  "refresh_token": "71b3ca358b014f0b95c07e6dfb76fae2"
}
```
The call returns a valid "access_token" and a new "refresh_token" to use for the next refresh; the previous refresh_token is invalidated once it has been used.
Reuse your token for its entire validity period and request a refresh only once it has expired.
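The lifecycle described above (reuse while valid, refresh on expiry, single-use refresh tokens, fall back to the password grant when the refresh token is rejected), as an added Python example that is not Mindbaz's code. The SSO is a constructed stand-in for https://sso.mindbaz.com/oauth2/token; credentials and token values are made up.

```python
import time


class FakeSso:
    """Constructed stand-in for the /oauth2/token endpoint (not Mindbaz's code): password
    or refresh_token grant with client_id 100; every refresh_token is valid for one use."""
    def __init__(self, username="api-user", password="s3cret"):
        self.creds, self.live_refresh, self.n = (username, password), set(), 0

    def token(self, form):
        if form.get("client_id") != "100":
            return {"error": "invalid_client"}
        if form.get("grant_type") == "password":
            ok = (form.get("username"), form.get("password")) == self.creds
        elif form.get("grant_type") == "refresh_token":
            ok = form.get("refresh_token") in self.live_refresh
            self.live_refresh.discard(form.get("refresh_token"))  # single use
        else:
            ok = False
        if not ok:
            return {"error": "invalid_grant"}
        self.n += 1
        self.live_refresh.add(f"refresh-{self.n}")  # the new one replaces the old
        return {"access_token": f"access-{self.n}", "expires_in": 1199,
                "refresh_token": f"refresh-{self.n}"}


class TokenStore:
    """Client-side cache: reuse the access_token while valid (10 s margin), refresh once
    it expires, fall back to the password grant if the SSO rejects the refresh_token."""
    def __init__(self, sso, username, password, clock=time.time):
        self.sso, self.user, self.pw, self.clock = sso, username, password, clock
        self.access, self.refresh, self.expires_at = None, None, 0.0

    def _grant(self, form):
        reply = self.sso.token({"client_id": "100", **form})
        if "error" in reply:
            return False
        self.access, self.refresh = reply["access_token"], reply["refresh_token"]
        self.expires_at = self.clock() + reply["expires_in"]
        return True

    def access_token(self):
        if self.access and self.clock() < self.expires_at - 10:
            return self.access  # still valid: do not call the SSO again
        if self.refresh and self._grant({"grant_type": "refresh_token",
                                          "refresh_token": self.refresh}):
            return self.access
        self.refresh = None  # refresh rejected (used or >7 days old): start over
        if self._grant({"grant_type": "password", "username": self.user, "password": self.pw}):
            return self.access
        raise PermissionError("SSO rejected both the refresh and the password grant")
```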
```php
<?php
// Tokens are cached in the PHP session, so a session must be active.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

abstract class HttpMethod {
    const GET = 0;
    const POST = 1;
    const PUT = 2;
    const DELETE = 3;
}

// Get an access token.
// Don't ask the SSO for a new access_token while you still hold a valid one:
// reuse the cached access_token whenever possible and refresh it only once it has expired.
function getAccessToken($username, $password)
{
    if (isset($_SESSION["access_token"])
        && isset($_SESSION["access_token_expiration"])
        && time() < $_SESSION["access_token_expiration"] - 10) { // 10 s safety margin
        return $_SESSION["access_token"];
    }

    // SSO
    $sso_url = 'https://sso.mindbaz.com/oauth2/token';
    $curl = curl_init($sso_url);

    if (isset($_SESSION["refresh_token"])) {
        // Refresh grant: the access_token has expired but we still hold a refresh_token.
        $refresh = true;
        $curl_post_data = array(
            'client_id' => '100',
            'grant_type' => 'refresh_token',
            'refresh_token' => $_SESSION["refresh_token"]
        );
    } else {
        // Password grant: first login, or the refresh_token itself was rejected.
        $refresh = false;
        $curl_post_data = array(
            'client_id' => '100',
            'grant_type' => 'password',
            'username' => $username,
            'password' => $password
        );
    }

    curl_setopt($curl, CURLOPT_POST, true);
    // Credentials and tokens travel in this request: always verify the SSO certificate.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($curl_post_data));
    // Root CA used to validate the SSO chain (overrides the system CA bundle).
    curl_setopt($curl, CURLOPT_CAINFO, getcwd() . DIRECTORY_SEPARATOR . "DSTRootCAX3.crt");

    $curl_response = curl_exec($curl);
    if ($curl_response === false) {
        $curl_error = curl_error($curl);
        curl_close($curl);
        die('Error occurred during curl exec ' . $sso_url . ' : ' . $curl_error);
    }
    curl_close($curl);

    $decoded = json_decode($curl_response);
    if ($decoded === null || isset($decoded->error)) {
        if ($refresh) {
            // The refresh_token was rejected (already used, or older than 7 days):
            // drop it and start again with the password grant.
            unset($_SESSION["refresh_token"]);
            return getAccessToken($username, $password);
        }
        die('Error occurred: ' . (isset($decoded->error) ? $decoded->error : 'invalid SSO response'));
    }

    // Cache the new token pair; the previous refresh_token is no longer valid.
    $_SESSION["access_token"] = $decoded->access_token;
    $_SESSION["refresh_token"] = $decoded->refresh_token;
    $_SESSION["access_token_expiration"] = time() + (int)$decoded->expires_in;
    return $decoded->access_token;
}

// Call the REST API with the bearer token (GET by default; POST/PUT/DELETE send $fields as JSON).
function api_call($path, $access_token, int $http_method = HttpMethod::GET, $fields = null)
{
    $curl = curl_init($path);
    curl_setopt($curl, CURLOPT_HTTPHEADER, array(
        "Content-Type: application/json",
        "Authorization: Bearer " . $access_token
    ));
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_CAINFO, getcwd() . DIRECTORY_SEPARATOR . "DSTRootCAX3.crt");

    if ($http_method != HttpMethod::GET) {
        if ($http_method == HttpMethod::POST) {
            curl_setopt($curl, CURLOPT_POST, true);
        } elseif ($http_method == HttpMethod::PUT) {
            curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
        } elseif ($http_method == HttpMethod::DELETE) {
            curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "DELETE");
        }
        if ($fields !== null) {
            curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($fields));
        }
    }

    $curl_response = curl_exec($curl);
    $httpcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($curl_response === false || $httpcode != 200) {
        // A 401 here means the access_token has expired or is invalid:
        // call getAccessToken() again (it refreshes) and retry the request.
        $curl_error = curl_error($curl);
        curl_close($curl);
        die('Error ' . $httpcode . ' occurred during curl exec ' . $path . ' : curl_response = '
            . ($curl_response === false ? $curl_error : $curl_response));
    }
    curl_close($curl);
    return json_decode($curl_response);
}
?>
```