Desktop Application Authorization Flow

Desktop application flow is a slightly modified version of the client-side flow. Since desktop applications do not normally run their own web servers, we cannot redirect back to the desktop app URL. Instead, we will redirect to an internal url with the returned fields. Desktop applications can listen to the browser URL changes. Once a URL is matched against a special Platform URL, desktop application can get the access token and other parameters from the URL.

Authentication & Authorization

To enter the authentication/authorization desktop client flow, you must point an embedded browser to the authorization url and pass the following parameters:

Oauth URL

https://www.geni.com/platform/oauth/authorize

Parameters

Name Description Required
client_id Application key generated during the app registration. true
response_type For the client side flow the response type must be set to "token". true
display For a desktop application embedded browser, set the display value to "desktop". true
scope A comma delimited list of permissions that the application needs. By default the scope is set to a full data access. This is subject to change in the upcoming releases. false

Example

https://www.geni.com/platform/oauth/authorize?client_id=YOUR_APP_KEY&response_type=token&display=desktop

If the user is already logged in, we validate the login cookie that we have stored on the user's browser and authenticate the user.If the user is not logged in, they are prompted to enter their credentials:

Once we have successfully authenticated the user, we will prompt the user to authorize your application:

If the user presses Don't Allow, your app is not authorized. The user will be redirected (via HTTP 302) to the special URL with the following error information:

Returned Fields

Name Type Description
status String If user cancels the authorization flow, the status will be set to "unauthorized".
message String Error message

Example

https://www.geni.com/platform/oauth/auth_failed#status=unauthorized&message=user+canceled

If the user presses Allow, your app is authorized. The user will be redirected (via HTTP 302) to the special URL with an authorization code:

Returned Fields

Name Type Description
access_token String Access token to be used with every API request
expires_in Number Seconds until the token will expire

Example

https://www.geni.com/platform/oauth/auth_success#access_token=ACCESS_TOKEN_GENERATED_BY_SERVER &expires_in=SECONDS_UNTIL_IT_IS_EXPIRED
rails-1a-010