# Bearer Token

The API uses the OpenID Connect (OIDC) protocol to authenticate users. OLI issues each user a username and password, which they can use to obtain a **JWT** (JSON Web Token) based access token. **This token is then passed in the HTTP headers to all the endpoints.**

## User Authentication

<mark style="color:green;">`POST`</mark> `https://auth.olisystems.com/auth/realms/api/protocol/openid-connect/token`

This method returns JWT tokens on successful authentication with a username and password.

#### Headers

| Name         | Type   | Description                       |
| ------------ | ------ | --------------------------------- |
| Content-Type | string | application/x-www-form-urlencoded |

#### Request Body

| Name        | Type   | Description  |
| ----------- | ------ | ------------ |
| username    | string | {user\_name} |
| password    | string | {password}   |
| grant\_type | string | password     |
| client\_id  | string | apiclient    |

{% tabs %}
{% tab title="200 " %}

```
{
    "access_token": "eyJhbGciOiJ...",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJI...",
    "token_type": "bearer",
    "not-before-policy": 1588002927,
    "session_state": "b0451c5f-5233-4404-b601-558253efe3a6",
    "scope": "oli_user_role"
}
```

{% endtab %}
{% endtabs %}

### Response description

| field                                   | type   | description                                            |
| --------------------------------------- | ------ | ------------------------------------------------------ |
| access\_token                           | string | JWT (JSON Web Token)                                   |
| expires\_in                             | number | token expiration time in seconds                       |
| refresh\_token\_expires\_in             | number | refresh token expiration time in seconds               |
| refresh\_token                          | string | used to obtain a new JWT after the current one expires |

{% hint style="warning" %}
Currently the **access\_token** is set to expire in 24 hours and the **refresh token** in 7 days.
{% endhint %}

## Refreshing

<mark style="color:green;">`POST`</mark> `https://auth.olisystems.com/auth/realms/api/protocol/openid-connect/token`

This method refreshes the access token using the refresh token obtained after login. This is needed when the access token expires.

#### Headers

| Name         | Type   | Description                       |
| ------------ | ------ | --------------------------------- |
| Content-Type | string | application/x-www-form-urlencoded |

#### Request Body

| Name           | Type   | Description      |
| -------------- | ------ | ---------------- |
| refresh\_token | string | {refresh\_token} |
| grant\_type    | string | refresh\_token   |
| client\_id     | string | apiclient        |

{% tabs %}
{% tab title="200 " %}

```
refresh_expires_in
```

{% endtab %}
{% endtabs %}
