# OAuth Authorization

## Step 1

## OAuth authorization login page (accessed in browser)

<mark style="color:blue;">`GET`</mark> `https://service.xxx.com/platform/login.html`

The final login page URL is assembled as: <https://service.xxx.com/platform/login.html?appKey=xxx&redirectUrl=xxx&state=xxx>. After a successful login, the browser is redirected to redirectUrl with the code.

#### Query Parameters

| Name                                          | Type   | Description                                       |
| --------------------------------------------- | ------ | ------------------------------------------------- |
| appKey<mark style="color:red;">\*</mark>      | String | Merchant AppKey                                   |
| redirectUrl<mark style="color:red;">\*</mark> | String | Page to redirect to after successful authorization login |
| state                                         | String | State value passed in by the merchant             |

{% tabs %}
{% tab title="200: OK " %}

```javascript
{
    // Response
}
```

{% endtab %}
{% endtabs %}

#### Parameters

| name        | type   | required | example                                                                                                        | Description                                       |
| ----------- | ------ | -------- | -------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- |
| appKey      | string | YES      | xxx\_xxx                                                                                                       | Merchant AppKey                                   |
| redirectUrl | string | YES      | The page to redirect to after successful authorization login; should be consistent with the merchant's backend. | Page to redirect to after successful authorization login |
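
Merchant-side handling of the Step 1 flow, as an added example that is not part of the platform's own code: it builds the login URL with a random `state` and checks the redirect before the code is exchanged. It assumes the redirect carries `code` and `state` as query parameters; `buildLoginUrl`, `verifyCallback` and the plain-object session are hypothetical names.

```javascript
// Added example. Assumptions: the redirect to redirectUrl carries `code` and
// `state` as query parameters; helper names and the session object are hypothetical.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const LOGIN_PAGE = 'https://service.xxx.com/platform/login.html';

// Build the login URL with a fresh, unguessable state bound to the user's session.
function buildLoginUrl(session, appKey, redirectUrl) {
  const state = randomBytes(32).toString('hex');
  session.oauthState = state;                       // kept server-side, single use
  const url = new URL(LOGIN_PAGE);
  url.searchParams.set('appKey', appKey);
  url.searchParams.set('redirectUrl', redirectUrl); // percent-encoded by searchParams
  url.searchParams.set('state', state);
  return url.toString();
}

// Validate the redirect back to redirectUrl and return the code to exchange in Step 2.
function verifyCallback(session, callbackUrl, expectedRedirectUrl) {
  const url = new URL(callbackUrl);
  const expected = new URL(expectedRedirectUrl);
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    throw new Error('callback does not match the registered redirectUrl');
  }
  const received = Buffer.from(url.searchParams.get('state') || '');
  const stored = Buffer.from(session.oauthState || '');
  delete session.oauthState;                        // a state value is accepted once
  if (stored.length === 0 || received.length !== stored.length ||
      !timingSafeEqual(received, stored)) {
    throw new Error('state mismatch');
  }
  const code = url.searchParams.get('code');
  if (!code) throw new Error('missing code');
  return code;
}
```
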

## Step 2

## Get token and openId by code

<mark style="color:green;">`POST`</mark> `https://service.xxx.com/platformapi/chainup/open/auth/token`

The parameters in the table below must be packaged into a JSON string, then encrypted and signed with RSA; the results are sent as `data` and `sign` in the body.

#### Request Body

| Name                                      | Type   | Description     |
| ----------------------------------------- | ------ | --------------- |
| app\_id<mark style="color:red;">\*</mark> | String | Merchant AppKey |
| time<mark style="color:red;">\*</mark>    | String | Timestamp       |
| sign<mark style="color:red;">\*</mark>    | String |                 |
| data                                      | String |                 |

{% tabs %}
{% tab title="200: OK " %}

```javascript
{
    "code": "", // Return code
    "msg": "", // Success or failure message
    "data": "",
    "sign": ""
}

// data:
{
    "openId": "xxxx",  // The unique openId of the merchant to which the authorized user belongs
    "expireIn": "xxxx",  // Token expiration time, seconds
    "refreshToken": "xxxxx",  // The token required to refresh the token
    "token": "xxxx"  // Authorized token
}
```

{% endtab %}
{% endtabs %}

The following are the parameters involved in rsa encryption:

| name | type   | required | example                            | Description                                                                     |
| ---- | ------ | -------- | ---------------------------------- | ------------------------------------------------------------------------------- |
| code | string | YES      | 2ae04ed9165624419bad68e9e0f3f29fbd | The code returned by the Step 1 login for user authentication.                  |

## Refresh token


<mark style="color:green;">`POST`</mark> `https://service.xxx.com/platformapi/chainup/open/auth/refreshToken`

The parameters in the table below must be packaged into a JSON string, then encrypted and signed with RSA; the results are sent as `data` and `sign` in the body.

#### Headers

| Name                                           | Type   | Description      |
| ---------------------------------------------- | ------ | ---------------- |
| Content-Type<mark style="color:red;">\*</mark> | String | application/json |

#### Request Body

| Name                                      | Type   | Description     |
| ----------------------------------------- | ------ | --------------- |
| app\_id<mark style="color:red;">\*</mark> | String | Merchant AppKey |
| time<mark style="color:red;">\*</mark>    | String | Timestamp       |
| data<mark style="color:red;">\*</mark>    | String |                 |
| sign<mark style="color:red;">\*</mark>    | String |                 |

{% tabs %}
{% tab title="200: OK " %}

```javascript
{
    "code": "", // Return code
    "msg": "", // Success or failure message
    "data": "",
    "sign": ""
}

// data:
{
    "openId": "xxxx",  // The unique openId of the merchant to which the authorized user belongs
    "expireIn": "xxxx",  // Token expiration time, seconds
    "refreshToken": "xxxxx",  // The token required to refresh the token
    "token": "xxxx"  // Authorized token
}
```

{% endtab %}
{% endtabs %}

The following are the parameters involved in rsa encryption:

| name         | type   | required | example                            | Description                                                         |
| ------------ | ------ | -------- | ---------------------------------- | ------------------------------------------------------------------- |
| refreshToken | string | YES      | 4dbca5afca8a46f48d863d18bsdd644731 | The "refresh\_token" received when obtaining the token.             |
| token        | string | YES      | 2ae04ed9165624419bad68e9e0f3f29fbd | The previously authorized token.                                    |
| openId       | string | YES      | 4dbca5afca8a46f48d863d18bsdd644731 | The unique openId of the authorized user belonging to the merchant. |
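
The `data` / `sign` envelope used by both the Step 2 token request and the refresh token request, as an added example that is not the platform's own code. The page does not specify the RSA details, so the following are assumptions to confirm with the platform: OAEP/SHA-256 encryption under the platform's public key, an RSA-SHA256 signature by the merchant's private key over the base64 `data` string, base64 encoding, and `time` in milliseconds. Function names are hypothetical and the keys are generated locally.

```javascript
// Added example. The padding, hash, encoding, signed input and `time` unit are
// assumptions; the page only states that RSA is used for encryption and signature.
const { generateKeyPairSync, publicEncrypt, privateDecrypt,
        sign, verify, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Build {app_id, time, data, sign} from the JSON parameters of a request.
// With a 2048-bit key and OAEP/SHA-256 the JSON must not exceed 190 bytes.
function buildSignedBody(appId, params, platformPublicKey, merchantPrivateKey, now = Date.now()) {
  const plaintext = Buffer.from(JSON.stringify(params), 'utf8');
  const data = publicEncrypt({ key: platformPublicKey, ...OAEP }, plaintext).toString('base64');
  const signature = sign('sha256', Buffer.from(data), merchantPrivateKey).toString('base64');
  return { app_id: appId, time: String(now), data, sign: signature };
}

// Verify `sign` first, then decrypt `data`; a body failing either step is rejected.
function openSignedBody(body, senderPublicKey, recipientPrivateKey) {
  const ok = verify('sha256', Buffer.from(body.data), senderPublicKey,
                    Buffer.from(body.sign, 'base64'));
  if (!ok) throw new Error('signature verification failed');
  const plaintext = privateDecrypt({ key: recipientPrivateKey, ...OAEP },
                                   Buffer.from(body.data, 'base64'));
  return JSON.parse(plaintext.toString('utf8'));
}

// Constructed demo keys standing in for the merchant and platform key pairs.
const merchant = generateKeyPairSync('rsa', { modulusLength: 2048 });
const platform = generateKeyPairSync('rsa', { modulusLength: 2048 });

// Refresh-token parameters, using the example values from the table above.
const refreshParams = {
  refreshToken: '4dbca5afca8a46f48d863d18bsdd644731',
  token: '2ae04ed9165624419bad68e9e0f3f29fbd',
  openId: '4dbca5afca8a46f48d863d18bsdd644731',
};
const body = buildSignedBody('xxx_xxx', refreshParams, platform.publicKey, merchant.privateKey);
```

The same `openSignedBody` check applies in the other direction: under these assumptions, a response's `sign` is verified against the platform's public key before its `data` is decrypted and the tokens are used.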
