OAuth
OAuth Introduction
Endpoints
| Endpoint | URL |
|---|---|
| Authorization | https://auth.solenergikvalitet.se/authorize |
| Token | https://auth.solenergikvalitet.se/token |
Client Configuration
To integrate with our OAuth server, you can use the following configuration:
- Client ID: Not currently enforced, but you should use your contractor slug (the end of the URL in https://solenergikvalitet.se/leverantor/..., which you can find by searching here: https://www.solenergikvalitet.se/leverantorer#contractor-list). It will be enforced in the future.
- Redirect URI: The URL where the user will be redirected after login.
Authorization Code Flow
1. Redirect to Authorization Endpoint
Initiate the flow by redirecting the user to the authorization endpoint.
GET https://auth.solenergikvalitet.se/authorize
Query Parameters:
| Parameter | Required | Description |
|---|---|---|
| client_id | Yes | Your Client ID (e.g., ifsek). |
| redirect_uri | Yes | The URL to redirect back to. |
| response_type | Yes | Must be code. |
| state | Recommended | A random string to prevent CSRF attacks. |
| code_challenge | Optional | PKCE code challenge (S256). Recommended for security. |
| code_challenge_method | Optional | Must be S256 if code_challenge is provided. |
Example URL:
https://auth.solenergikvalitet.se/authorize?client_id=ifsek&redirect_uri=https%3A%2F%2Fsolenergikvalitet.se%2Fsolcellsleverantor%2Fportal&response_type=code&state=4bff2b06-bbf8-4fbb-8ab9-7bd5f9eb10ed
2. Handle the Callback
After the user logs in, they will be redirected back to your redirect_uri with a code and state parameter.
Example Redirect:
https://solenergikvalitet.se/solcellsleverantor/portal?code=AUTHORIZATION_CODE&state=4bff2b06-bbf8-4fbb-8ab9-7bd5f9eb10ed
3. Exchange Code for Token
Exchange the authorization code for an access token by making a POST request to the token endpoint.
POST https://auth.solenergikvalitet.se/token
Form Data Parameters:
| Parameter | Required | Description |
|---|---|---|
| grant_type | Yes | Must be authorization_code. |
| code | Yes | The code received in the callback. |
| redirect_uri | Yes | Must match the redirect_uri used in step 1. |
| client_id | Yes | Your Client ID. |
| code_verifier | Optional | The PKCE code verifier (if code_challenge was used). |
Example Request:
curl -X POST https://auth.solenergikvalitet.se/token \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
-d "redirect_uri=https://solenergikvalitet.se/solcellsleverantor/portal" \
-d "client_id=ifsek"
4. Token Response
The server will respond with a JSON object containing the tokens.
{
  "access_token": "eyJhbGciOiJIUzI1...",
  "refresh_token": "eyJhbGciOiJIUzI1...",
  "expires_in": 3600
}
5. Refresh Token
You can refresh the access token by making a POST request to the token endpoint with the grant_type set to refresh_token.
POST https://auth.solenergikvalitet.se/token
Form Data Parameters:
| Parameter | Required | Description |
|---|---|---|
| grant_type | Yes | Must be refresh_token. |
| refresh_token | Yes | The refresh token received in the token response. |
The server will respond with a JSON object containing the tokens.
{
  "access_token": "eyJhbGciOiJIUzI1...",
  "refresh_token": "eyJhbGciOiJIUzI1...",
  "expires_in": 3600
}
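Steps 1 to 3 with the recommended state and PKCE (S256) parameters, as an added example that is not part of the original documentation. The function names and the server-side `session` dict are assumptions; sending the returned form data to the token endpoint is left to your HTTP client.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://auth.solenergikvalitet.se/authorize"  # from the Endpoints table


def new_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method (RFC 7636)."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43-128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(client_id, redirect_uri):
    """Step 1: return (url, session); keep session server-side, tied to the user."""
    verifier, challenge = new_pkce_pair()
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    session = {"state": state, "code_verifier": verifier, "redirect_uri": redirect_uri}
    return f"{AUTHORIZE_URL}?{query}", session


def token_request_form(callback_url, session, client_id):
    """Steps 2-3: validate the callback, then return the form data for POST /token."""
    params = parse_qs(urlparse(callback_url).query)
    code, state = (params.get(k, [""])[0] for k in ("code", "state"))
    # Reject the callback unless state matches what this session issued (CSRF check).
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback was not initiated by this session")
    if not code:
        raise ValueError("callback carries no authorization code")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": session["redirect_uri"],  # must match step 1 exactly
        "client_id": client_id,
        "code_verifier": session["code_verifier"],
    }
```

Discard the stored `session` after one callback so that a replayed redirect fails the state check.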