Additional Authentication API examples

Exchange a refresh token for an access token

API reference: /oauth/token

Exchanges the refresh token m569crgh58ra33hy92e5 for a new access token. This is a common operation due to the fact that access tokens have a maximum lifetime of 60 minutes. If an access token expires and you don’t exchange a refresh token for a new access token, the user needs to reauthenticate.

curl -X POST \
  -H "Authorization: Basic dXQ0YmdycmE3dzI4MmpjZm15cGZxeDlwemhxaGpqMmI6dW5qemU5bndrZnV5NmpwdzgzOHFwYTdhZDNoZG55YTY=" \
  --data-urlencode 'grant_type=refresh_token'\
  --data-urlencode 'refresh_token=m569crgh58ra33hy92e5'\
  https://my-app.janraincapture.com/oauth/token

Note that refresh tokens are single-use only. However, if this call succeeds you’ll get back a new refresh token as well as a new access token:

{
  "access_token": "8r8v9ad6dajnbk5t",
  "expires_in": 3600,
  "refresh_token": "f4mrz7dzatqm272tpey2",
  "stat": "ok"
}

Merge a social login account

API reference: /oauth/auth_native

Merges a new social login account with an existing user account. The existing account is referenced by the token member, and is the social login token assigned when the user logged on with the original social login identity provider (IdP). The new social login account is identified by the merge_token member, and is the social login token assigned when the user logged on by using the new account. In other words, the new social login IdP (merge_token) is added to the existing user account (token).

curl -X POST
--data-urlencode 'client_id=12345abcde12345abcde12345abcde12'
--data-urlencode 'flow=standard'
--data-urlencode 'flow_version=20190618143040022299'
--data-urlencode 'locale=en-US'
--data-urlencode 'redirect_uri=http://localhost'
--data-urlencode 'response_type=token'
--data-urlencode 'token=12ab34cd56ef78gh90ij12kl34mn56op78qr90st'
--data-urlencode 'merge_token=ab12cd34ef56gh78ij90kl12mn34op56qr78st78'
https://my-app.janraincapture.com/oauth/auth_native

See Merge accounts for more information.

Update a date select field

API reference: /oauth/update_profile_native

Updates the birthdate attribute for the user issued the access token z0y98xv76u5t4rs3.

curl -X POST \
    --data-urlencode 'client_id=12345abcde12345abcde12345abcde12'\
    --data-urlencode 'flow=standard'\
    --data-urlencode 'flow_version=20190618143040022299''\
    --data-urlencode 'locale=en-US'\
    --data-urlencode 'form=editProfileForm'\
    --data-urlencode 'birthdate[dateselect_year]=1930'\
    --data-urlencode 'birthdate[dateselect_month]=11'\
    --data-urlencode 'birthdate[dateselect_day]=3'\
    --data-urlencode 'access_token=z0y98xv76u5t4rs3'\
    'https://my-app.janraincapture.com/oauth/update_profile_native'

Change a user’s password

API reference: /oauth/update_profile_native

Changes the password for the user issued access token z0y98xv76u5t4rs3. When calling this operation you need to:

  • Supply the user’s current password as the value of the currentPassword member.
  • Supply the user’s new password as the value of the newPassword member.
  • Supply the user’s new password again, this time as the value of the newPasswordConfirm member. If the newPassword and newPassword values don’t match the operation fails.
curl -X POST \
    --data-urlencode 'client_id=12345abcde12345abcde12345abcde12'\
    --data-urlencode 'flow=standard'\
    --data-urlencode 'flow_version=20190618143040022299''\
    --data-urlencode 'locale=en-US'\
    --data-urlencode 'form=changePasswordForm'\
    --data-urlencode 'currentPassword=password123'\
    --data-urlencode 'newPassword=Password1'\
    --data-urlencode 'newPasswordConfirm=Password1'\
    --data-urlencode 'access_token=z0y98xv76u5t4rs3'\
    'https://my-app.janraincapture.com/oauth/update_profile_native'

Reset a user password

API reference: /oauth/update_profile_native

Resets a user’s password after a reset password verification code has been submitted. When you submit a reset password verification code you’re given an access token. That token must be used in this operation as the value of the access_token member.

Note that, in this call, you only need to specify (and confirm) the user’s new password. You don’t need to supply the user’s old password.

curl -X POST \
    --data-urlencode 'client_id=12345abcde12345abcde12345abcde12'\
    --data-urlencode 'flow=standard'\
    --data-urlencode 'flow_version=20190618143040022299''\
    --data-urlencode 'locale=en-US'\
    --data-urlencode 'form=changePasswordFormNoAuth'\
    --data-urlencode 'newPassword=Password2'\
    --data-urlencode 'newPasswordConfirm=Password2'\
    --data-urlencode 'access_token=z0y98xv76u5t4rs3'\
    'https://my-app.janraincapture.com/oauth/update_profile_native'