You must use the OAuth flow to authenticate Nexus211 profiles.
The flow
Assuming that you've already created a Nexus211 application, the OAuth flow looks like this:
- You generate and store a random state value.
- Build the authorization URL.
- Redirect the user to the authorization page.
- The user authenticates with their Nexus211 account.
- The user is sent back to the redirect URL.
- Verify that the stored state matches the one in the query parameters.
- Exchange the temporary code for an access token.
Authorization URL
To initiate OAuth, you should redirect users to the following URL:
https://api.nexus211.com/oauth/authorize?state=&application=&redirect=
For the OAuth flow to begin successfully, all three query parameters must be populated. Each query parameter is explained below.
state
The state is generated and stored by you. When you receive the OAuth callback, you must ensure that the value you stored matches the value returned to you; this check is what ties the callback to the request you started and protects it against cross-site request forgery. We recommend using a non-predictable, random value, such as a UUID.
application
You must pass your Application's Client ID here. This value can be found in the Nexus211 ID portal.
redirect
This is the URL Nexus211 will redirect the user to after they finish signing in.
Acquiring an Access Token
Once the user signs in and approves your application's requested scopes, they will be redirected to the redirect URL you provided.
When this happens, you'll receive two query parameters:
code: This is the temporary code that you'll exchange for an access token.
state: This is identical to the state value you passed to Nexus211 in the beginning.
Now you must call the Nexus211 API to exchange the code for the user's access token. The request is authenticated with HTTP Basic auth using your application's Client ID and Client Secret:
const axios = require("axios");

// Exchange the temporary code from the callback for an access token.
// Only call this after the returned state has been verified.
async function exchangeCodeForToken(code) {
  const { data } = await axios.post(
    "https://api.nexus211.com/oauth/access-token",
    {
      code, // the code you received in the query parameters
    },
    {
      auth: {
        username: "application client ID",
        password: "application client Secret",
      },
    }
  );
  console.log(data); // {token: "xxxxxxxxxxxx" }
  return data.token;
}