Business Online Api

Authentication

Introduction

To make an API call you must first register your application at the following URL: https://bonline.bog.ge/admin/api/ During registration you specify your application name, the application name in English and a logo URL (preferably served over https and not larger than 400x80 pixels). If your app is a web app you must also specify the redirect URL where you will be redirected during authentication. After registration, the app details page shows the application client id, redirect uri and client secret (only in the case of a web app), which you will need to perform the authentication request.

For desktop applications authentication happens using the following scheme:

  1. Redirect user to the following url: https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth with these query string parameters:
    • client_id - your application client id
    • response_type - "token"
    • scope - "corp"
    • redirect_uri - your application redirect uri
    • kc_locale - "ka" for the Georgian-language interface; by default the English interface is used.
    For example, if your application client id is implicitclient and the redirect uri is https://example.com/callback, the URL will look like this (after URL encoding): https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth?client_id=implicitclient&response_type=token&scope=corp&redirect_uri=https%3A%2F%2Fexample.com%3A44312%2Fcallback&state=e46fcdf4-a4bf-4dc6-8a42-e1b12e27826b&kc_locale=ka
  2. The user confirms the application request.
  3. The user is redirected to the redirect_uri address, with these parameters in the # fragment:
    • access_token - token
    • expires - expiration time
    • token_type - token type
    • kc_locale - "ka" for the Georgian-language interface; by default the English interface is used.
After this you will be able to call the API using the access_token you received. To do so, add an Authorization header like this:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc..........

Web application authentication happens using the following scheme:

  1. Redirect user to the following url: https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth with these query string parameters:
    • client_id - your application client id
    • response_type - "code"
    • scope - "corp"
    • redirect_uri - your application redirect uri
    For example, if your application client id is codeclient and the redirect uri is https://example.com/callback, the URL will look like this (after URL encoding): https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth?client_id=codeclient&response_type=code&scope=corp&redirect_uri=https%3A%2F%2Fexample.com%3A44312%2Fcallback
  2. The user confirms the application request.
  3. The user is redirected to redirect_uri with these parameters in the # fragment:
    • code - temporary code
  4. Send a POST request to the following address: https://account.bog.ge/auth/realms/bog/protocol/openid-connect/token with these parameters in the request body and Content-Type application/x-www-form-urlencoded:
    • grant_type - authorization_code
    • code - your temporary code
    • redirect_uri - your application redirect uri
    You must make the request with a Basic Authorization header, using your application client_id as the username and your application client secret as the password.
After this you will be able to call the API using the access_token you received. To do so, add an Authorization header like this:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc..........
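
Steps 1 and 4 of the web application flow above, as an added Python example that is not part of the original documentation; it builds the authorization URL and the token request without sending anything. It also adds a random state parameter (present in the page's desktop example URL but not in the parameter lists) and checks it on the callback; the function names, the secret and the code value are assumptions and placeholders.

```python
import base64
import hmac
import secrets
import urllib.parse
import urllib.request

AUTH_URL = "https://account.bog.ge/auth/realms/bog/protocol/openid-connect/auth"
TOKEN_URL = "https://account.bog.ge/auth/realms/bog/protocol/openid-connect/token"


def build_authorization_url(client_id, redirect_uri):
    """Step 1: return (url, state); keep state in the user's session."""
    state = secrets.token_urlsafe(32)
    query = urllib.parse.urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": "corp",
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTH_URL}?{query}", state


def state_matches(expected, returned):
    """Step 3: reject a callback whose state differs from the one issued."""
    return bool(returned) and hmac.compare_digest(expected.encode(), returned.encode())


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Step 4: build (without sending) the POST that exchanges the code."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


if __name__ == "__main__":
    # Constructed sample values; the secret and code are placeholders.
    url, state = build_authorization_url("codeclient", "https://example.com/callback")
    print(url)
    req = build_token_request("codeclient", "PLACEHOLDER_SECRET", "PLACEHOLDER_CODE",
                              "https://example.com/callback")
    print(req.get_method(), req.full_url, req.header_items())
```

The redirect_uri sent in step 4 is the same value that was sent in step 1, and the client secret stays on the server side of the web app.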

Token authentication happens using the following scheme:

Send a POST request to the following address: https://account.bog.ge/auth/realms/bog/protocol/openid-connect/token with these parameters in the request body and Content-Type application/x-www-form-urlencoded:

  • grant_type - "client_credentials"
  • client_id - your application client_id
  • client_secret - your application client_secret
You must make the request with a Basic Authorization header, using your application client_id as the username and your application client secret as the password.
After this you will be able to call the API using the access_token you received. To do so, add an Authorization header like this:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc..........

