Skip to content

Building Confidential Clients Libraries

Jump to bottom
Josh Fischer edited this page Oct 6, 2023 · 2 revisions

Iridium supports two grant types for clients that are considered confidential. There are some details that should remain the same across clients developed, no matter the technology. Below is a link that will take you to the OAuth RFC for reference. We will attempt to cover the details in this doc.

Client Credentials Grant

The client credentials grant should be used when an application requests an access token on behalf of itself, not a user.

An example is below of a few interfaces that should be used when creating the clients. The example below is in Go, thank you Saad, for getting this put together. After instantiating a client, which will be populated with the clientId, clientSecret and the domain we can exchange the credentials for an access token by calling the exchange() method. By using exchange we will match the style of the authorization code flow grant clients.

type IridiumClient struct {
	clientId     string
	clientSecret string
	domain       string
	accessToken  string
	tokenType    string
	expiresIn    uint64
}

func NewIridiumClient(clientId, clientSecret, domain string) IridiumClient {
	return IridiumClient{
		clientId:     clientId,
		clientSecret: clientSecret,
		domain:       domain,
	}
}

func (c *IridiumClient) exchange() error { 
	/* Make call to authentication endpoint and populate:
	 * Access token
	 * Token type
	 * Expires in
	 * Parameters (? optional)
	 */

	return nil
}

The Bearer token response should be formatted like the following.

type AccessTokenResponse struct {
  access_token string
  refresh_token string
  token_type string
  expires_in uint64
}
Clone this wiki locally