Validating a Token - LiquidAnalytics/ld-api-examples GitHub Wiki

Scenario

A resource server needs to validate a Liquid Platform OAuth 2.0 token in response to an action from the app.

Flow

The app makes an HTTP request to the resource server with an Authorization header as described in the RFC. The header looks like this:

| Header | Example Value |
| --- | --- |
| Authorization | Bearer Liquid Platform OAuth2 token |
| Authorization | Bearer 31a15228-896a-11e5-af63-feff819cdc9f |

Note that the length and the shape of the token may change over time. The resource server should make no assumptions about how long the token is or how it is generated.

Before performing an action on behalf of the user, the resource server must validate the token. To do so, it performs an HTTP GET against the /ls/api/oauth2/validate API, passing the Authorization header on to the authorization server. For example, in the DEV environment:

GET https://ldcloud-dev.liquidanalytics.com/ls/api/oauth2/validate
Authorization: Bearer 31a15228-896a-11e5-af63-feff819cdc9f

The API returns:

| HTTP Response Code | Meaning |
| --- | --- |
| 200 | The token is valid; the resource server may perform the requested action. |
| 401 | The token is not valid; the resource server should not perform the requested action and should inform the user. |
| all others | An error has occurred and the resource server should not perform the requested action. The resource server should notify the user. |
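One way a resource server could implement this check and the response-code table above. This is an added example, not code from the ld-api-examples project. The names `check_token` and `may_perform_action` are hypothetical, and refusing redirects, the timeout and rejecting a missing or malformed header locally are assumptions beyond what the page specifies.

```python
import http.client
import urllib.error
import urllib.request

VALIDATE_PATH = "/ls/api/oauth2/validate"  # validation API named on this page


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so a 3xx can never end up looking like a 200."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


_opener = urllib.request.build_opener(_NoRedirect)


def check_token(authorization_header, base_url, timeout=5):
    """Return 'valid', 'invalid' or 'error' (hypothetical helper name)."""
    value = authorization_header or ""
    # The token is opaque: check only the scheme, and reject CR/LF so the
    # value cannot smuggle extra headers into the outbound request.
    if (not value.startswith("Bearer ") or not value[7:].strip()
            or "\r" in value or "\n" in value):
        return "invalid"
    request = urllib.request.Request(
        base_url.rstrip("/") + VALIDATE_PATH,
        headers={"Authorization": value},
        method="GET",
    )
    try:
        with _opener.open(request, timeout=timeout) as response:
            # Only an exact 200 means valid; any other 2xx is an error.
            return "valid" if response.status == 200 else "error"
    except urllib.error.HTTPError as exc:
        return "invalid" if exc.code == 401 else "error"
    except (OSError, http.client.HTTPException):
        # Connection, TLS, timeout and protocol failures all fail closed.
        return "error"


def may_perform_action(authorization_header, base_url):
    """The requested action is allowed only when validation returned 200."""
    return check_token(authorization_header, base_url) == "valid"
```

Pass one of the authorization server URLs listed below as `base_url`. Both 'invalid' and 'error' deny the action, but they are kept separate so the user can be told which one happened.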

Authorization Server URLs

DEV

https://ldcloud-dev.liquidanalytics.com

QA

https://ldcloud-qa.liquidanalytics.com

PROD

https://ldcloud.liquidanalytics.com