Component 1: Authentication
xPress Roster uses OAuth 2.0 for its ease of use and its ability to integrate with many user-provisioning systems. The necessary technical interactions are demonstrated here, but the A4L Community highly recommends using the client and/or server packages available for your development environment to simplify your use of OAuth 2.0.
Getting a Token
To ensure interoperability and to fit the user stories we seek to support, xPress Roster solutions must support the creation of tokens through Password Grant. Tokens allow applications to submit credentials for synchronizing data. A token requires a responsible user’s permission, and that permission lets the token give the indicated user one or more shortcuts to the requested data.
Tokens are similar to barcodes. A barcode is not understandable when you look at it, but with the right access and format you can read it. A token requires two things: a key and a format. The key is what is passed first when you authenticate. This authentication is passed in HTTP calls to the REST interface, using the sample formats below.
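One way to build the Password Grant request to /token and check the token response, as an added example that is not part of the xPress Roster documentation. The host roster.example.org, the function names, HTTP Basic client authentication and the Bearer token type are assumptions, and the sample response is constructed.

```python
import base64
import json
import time
from urllib.parse import quote_plus, urlencode, urlsplit
from urllib.request import Request

# Constructed sample response; the token value is a placeholder.
SAMPLE_RESPONSE = '{"access_token": "constructed-token-123", "token_type": "Bearer", "expires_in": 3600}'


def build_password_grant_request(token_url, client_id, client_secret, username, password):
    """Build (without sending) an RFC 6749 section 4.3 Password Grant request."""
    parts = urlsplit(token_url)
    if parts.scheme != "https":
        raise ValueError("token endpoint must be reached over https")
    if parts.query or parts.fragment:
        # Credentials travel in the body only; URLs end up in proxy and server logs.
        raise ValueError("token URL must not carry a query string or fragment")
    body = urlencode({"grant_type": "password", "username": username, "password": password})
    # Assumption: the client authenticates with HTTP Basic (RFC 6749 section 2.3.1).
    pair = quote_plus(client_id) + ":" + quote_plus(client_secret)
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return Request(token_url, data=body.encode("ascii"), headers=headers, method="POST")


def parse_token_response(raw, now=None):
    """Validate a token response (RFC 6749 section 5.1); return (token, expires_at)."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("token response is not a JSON object")
    if "error" in doc:
        raise PermissionError(str(doc["error"]))
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("token response has no access_token")
    # Assumption: the server issues Bearer tokens; refuse anything else.
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    ttl = doc.get("expires_in")
    if isinstance(ttl, bool) or not isinstance(ttl, (int, float)) or ttl <= 0:
        return token, None  # lifetime unknown: caller should re-authenticate when refused
    return token, (time.time() if now is None else now) + ttl
```

The request object can be handed to `urllib.request.urlopen` once a real endpoint and credentials are supplied; keep the returned token and the Authorization header out of application logs.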
Example Submission of Credentials
POST /token HTTP/1.1