📘
TEOS User Guides
Contact CoreLedgerPrivacy Policy
TEOS API
TEOS API
  • 👋Welcome to TEOS API
  • Get started
  • TEOS API overview
    • Terms and concepts
      • Asset
      • Spark
      • Wallet
      • Supply
      • Warp
      • Invoice
      • Transaction
    • Architecture note
      • Tenant setup options
    • Authentication
    • Versioning
  • Using TEOS API
    • Postman examples
    • Rate limits
    • Dealing with blockchain transactions
      • How to get Ether for signing transactions
      • Transaction creation and submission
        • First transaction creation and submission for a new address on the private blockchain
    • Handling errors
      • 1xxxx codes
      • 2xxxx codes
      • 3xxxx codes
    • TEOS Events
    • Warp search
  • TEOS API references
    • TEOS API Swagger (OpenAPI)
  • Using additional APIs of TEOS Platform
    • User authentication flow with TEOS Authentication service and TMS
    • Device authorization flow with TxServer and TEOS Authentication service
    • Adding wallet to the TEOS Platform flow with TxServer and TEOS API
    • Using TxServer API
      • TxServer API (OpenAPI)
      • Key Pair Generation. Transaction Signing
      • Device Restoration
    • Using TEOS Authentication service
      • TEOS Authentication Service API
    • Using TMS API
      • TMS API Swagger (OpenAPI)
      • Handling errors
      • Changelog
    • Using Discovery Service
  • FAQ
  • Changelog
    • v0.9
    • Non-versioned changes
    • Previous versions (not supported)
  • Troubleshooting
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Using additional APIs of TEOS Platform

Device authorization flow with TxServer and TEOS Authentication service

PreviousUser authentication flow with TEOS Authentication service and TMSNextAdding wallet to the TEOS Platform flow with TxServer and TEOS API

Last updated 1 year ago

Was this helpful?

To utilize the full power of the TEOS platform mobile applications should utilize the Device API of the TXServer. It provides useful services, like push notifications to all connected user devices.

The whole process consists of the following steps (See Diagram 1.)

The [..] constraint notation on the diagram was used to number the steps. The numbering approach is similar to the communication diagram.

Step 1. A User starts the application

Step 1.1. Application checks that the device token (special type of reference (access) token) is valid (present and not expired) (exact implementation is application-specific and is out of the scope of this document).

If the device token is not valid, the application should authenticate the user and retrieve a new device token from the TXServer (steps 1.2 - 1.6)

Optional process. Retrieve a new device token. Connect or register the device

Step 1.2.R. Returned AuthorizedDeviceResponseData contains the device access token, device refresh token, and the expiration in seconds for the device token.

If both device access and refresh tokens are expired, then it is necessary to connect or register the device. To do this, user authentication, using authorization_code flow is necessary.

Step 1.3.1. If the validation of the calling application and all parameters to the Authorize request is successful, the Auth server will return the login form, configured according to the white-labelled settings of the calling application.

Step 1.3.2. The application should present the returned login form to the user in the browser pop-up window

Step 1.3.2.R. The user provides login and password or uses another federated login method (e.g. Facebook or Google)

Step 1.3.R. Auth server authenticates the user and in case of success, redirects the browser back to the app (to the redirect URL, provided in Step 2.0) with the requested authorization code

Step 1.4.R. Auth server checks all the provided parameters and returns the requested user access token, refresh token and ID token (if configured)

Step 1.5.R. Same data is returned as in Step 1.2.R

Step 1.6.R. Same data is returned as in Step 1.2.R

Step 1.R. When the device token is acquired the app is ready to operate with the Teos platform

Step 2. For example, the user initiates an asset creation function in the app

Step 2.1. The app calls the respective TeosApi endpoint and the returned data contains the encoded transaction parameters, enough for signing.

Step 2.2. App signs the transaction. There are libraries for most languages available

Step 2.3.R. Http 202 Accepted is returned, if the signed transaction was accepted for submission

Step 1.2. If the device refresh token is still valid, it must be used to refresh the device token. TxServer function should be utilized for that.

The refresh token returned from the call to the endpoint can be different, from the one, that was sent. In this case, it should be used for the next call to the refresh endpoint

Step 1.3. The user authentication process should be started from the call to endpoint of the Auth server.

Step 1.4. The application calls endpoint of Auth server with the 'authorization_code' grant type and the code, acquired in Step 1.3.R.

Step 1.5. If the device was already registered previously, the endpoint should be called, using the user access token, acquired in Step 1.4.R.

Step. 1.6. In case, the device was never registered, it must be registered, before connecting to any TeosAPI. For this, the endpoint must be used.

Step 2.3. The app sends the signed transaction to the endpoint of the TeosAPI.

RefreshDeviceToken
RefreshDeviceToken
Authorize
Token
ConnectDevice
RegisterDevice
Submit
Diagram 1. Mobile Application Authorization Flow