Difference Between Public And Confidential Applications
I need to create a confidential application so that I can maintain authorisation with refresh tokens.
I'm following the the Confidential Application Auth Flow and the associated tutorial. The only significant difference I see between the confidential app auth flow and the public app auth flow is that the Client Secret is included in the base64 encoded Authorization header, which I've ensured my application includes in its requests to the token endpoint. Despite that, I never get a refresh token back.
Is there a setting on the application configuration that marks an app as confidential? Or is there some other difference in the auth flows that I'm missing?
Comments
-
I've finally managed to get a refresh token back.
It wasn't clear in the Authorization code flow for confidential applications tutorial that you need to pass the client ID and client secret in the POST request body to the token endpoint.
It does say to include the client ID and secret in the Authorization header after concatenating and base64 encoding the two and it specifically says this header is required UNLESS you include the id and secret in the request.
However, I only get a refresh token back if I include them in the request body.
I think the documentation could do with some clarification on that point.0 -
@Jonathan White Sorry you are having authorization issues. I just verified that you can pass the client ID and secret in either the authorization header or the request body, as documented. It's possible there was an issue encoding the client ID and secret in the authorization header.
0
Categories
- All Categories
- 6 Blackbaud Community Help
- 211 bbcon®
- 1.4K Blackbaud Altru®
- 402 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 15 donorCentrics®
- 360 Blackbaud eTapestry®
- 2.6K Blackbaud Financial Edge NXT®
- 655 Blackbaud Grantmaking™
- 576 Blackbaud Education Management Solutions for Higher Education
- 3.2K Blackbaud Education Management Solutions for K-12 Schools
- 941 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 84 JustGiving® from Blackbaud®
- 6.7K Blackbaud Raiser's Edge NXT®
- 3.7K SKY Developer
- 248 ResearchPoint™
- 120 Blackbaud Tuition Management™
- 165 Organizational Best Practices
- 240 Member Lounge (Just for Fun)
- 34 Blackbaud Community Challenges
- 37 PowerUp Challenges
- 3 (Open) PowerUp Challenge: Grid View Batch
- 3 (Closed) PowerUp Challenge: Chat for Blackbaud AI
- 3 (Closed) PowerUp Challenge: Data Health
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Product Update Briefing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports+
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Email Marketing
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Event Management
- 3 (Closed) Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 (Closed) Raiser's Edge NXT PowerUp Challenge: Query
- 796 Community News
- 3K Jobs Board
- 54 Blackbaud SKY® Reporting Announcements
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)