# Authentication and authorization ## How to retrieve a bearer token using OAuth password grant flow ### Overview The OAuth 2.0 password grant flow allows applications to obtain an access token by directly collecting the user's credentials. This guide explains how to implement this flow to retrieve a bearer token using client credentials and user authentication. ### Prerequisites Before you begin, ensure you have the following credentials:
No.ParameterDescription
1.Client IDYour application's unique identifier (received from the Semansys support desk).
2.Client secretA secret known only to your application and the authorization server (received from the Semansys support desk).
3.UsernameThe resource owner's username (the e-mail address used retrieving the API credentials).
4.PasswordThe resource owner's password (received from the Semansys support desk).
### Diagram
### Implementation steps #### 1. Prepare the token request Create a POST request to the token endpoint with the following parameters:
ParameterValueDescription
grant_typepasswordSpecifies the OAuth flow type.
client_idyour_client_idYour application's unique identifier.
client_secretyour_client_secretYour application's secret.
usernameuser_usernameThe resource owner's username.
passworduser_passwordThe resource owner's password.
#### 2. Send the Request **Using cURL** ```bash curl -X POST https://oidc-pre.semansys.com/connect/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=password" \ -d "client_id=YOUR_CLIENT_ID" \ -d "client_secret=YOUR_CLIENT_SECRET" \ -d "username=USER_USERNAME" \ -d "password=USER_PASSWORD" ``` **Using JavaScript/Node.js** ```javascript const axios = require('axios'); const qs = require('querystring'); const data = { grant_type: 'password', client_id: 'YOUR_CLIENT_ID', client_secret: 'YOUR_CLIENT_SECRET', username: 'USER_USERNAME', password: 'USER_PASSWORD' }; axios.post('https://oidc-pre.semansys.com/connect/token', qs.stringify(data), { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } }) .then(response => { console.log('Access Token:', response.data.access_token); }) .catch(error => { console.error('Error:', error.response ? error.response.data : error.message); }); ``` **Using Python** ```python import requests url = "https://oidc-pre.semansys.com/connect/token" payload = { "grant_type": "password", "client_id": "YOUR_CLIENT_ID", "client_secret": "YOUR_CLIENT_SECRET", "username": "USER_USERNAME", "password": "USER_PASSWORD" } response = requests.post(url, data=payload) response_data = response.json() print("Access Token:", response_data.get("access_token")) ``` #### 3. Parse the Response Upon successful authentication, the server will respond with a JSON object containing: ```json { "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "token_type": "bearer", "expires_in": 3600, "refresh_token": "8xLOxBtZp8", "scope": "read write" } ``` Key response fields:
FieldDescription
access_tokenThe bearer token to use for authentication.
token_typeThe type of token (always "bearer" in this case).
expires_inToken validity period in seconds.
refresh_tokenToken used to obtain a new access token when the current one expires.
scopePermissions granted to the access token.
#### 4. Use the bearer token To use the bearer token for API requests, include it in the Authorization header: ``` Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... ``` Example request with the bearer token: ```bash curl -X GET https://api.semansys.com/... \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." ``` ### Troubleshooting Common error responses:
Error codeError textDescription
400Bad RequestInvalid request parameters.
401UnauthorizedInvalid client credentials.
403ForbiddenUser authentication failed.
If you receive an error, check: * All required parameters are included and correctly formatted * Client id and client secret are valid * User credentials are correct. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.semansys.com/getting-started/quickstart/authentication-and-authorization.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.