Auth Flow Example

Authenticating

The process begins with a user attempting to access a feature that requires authentication. This could be from their recipe collection, meal plans, or when they visit a site that has integrated the Whisk APIs.

The above example walks through the authentication process of connecting Whisk to a Slack Bot. The user is passed off to the Whisk registration page to create a new account or log in with existing credentials. The following API request will redirect the user and define where to redirect the user after being authenticated.

`https://login.whisk.com/oauth/v2/authorize?` +
`scope=${REQUESTED_SCOPES}` +
`&client_id=${process.env.WHISK_CLIENT_ID}` +
`&response_type=code` +
`&redirect_uri=${REDIRECT_URI}` +
`&state=${state}`

Verification

Once the user has registered or logged in, Whisk will redirect them back to where they came from based on supplied theredirect_uri.

After the authentication redirection, you will need to handle the verification state and get the Whisk user token.

`https://login.whisk.com/oauth/v2/token` +
`?client_id=${WHISK_CLIENT_ID}` +
`&grant_type=authorization_code` +
`&code=${req.query.code}` +
`&client_secret=${WHISK_SECRET}`;

Refreshing

Now, when a user needs to access an API that requires authorization, you can use the saved token or retrieved a new one when that one expires. This is what that flow would potentially look like:

In this example, you would call the following code to refresh the Whisk auth token.

`https://login.whisk.com/oauth/v2/token` +
`?client_id=${WHISK_CLIENT_ID}` +
`&grant_type=refresh_token` +
`&refresh_token=${user.refresh}` +
`&client_secret=${WHISK_SECRET}`