Overview
This flow is only available for use by Class Customers (signed SSLA agreements) accessing their own data. Partners/integrations must use the Authorization code flow. Customers are encouraged to use the Authorization code flow as well if possible.
Where a customer has multiple business codes on Class, you can request all the codes to be added to your Application/integration credentials. You will need to obtain a separate access token for each business before exchanging the token for data from that business.
Overview of flow
The Resource owner password flow involves the following high-level steps:
- Your integration makes a request to the token endpoint https://app.class.com.au/connect/token/ containing the username and password of the authorizing user. This request identifies your integration and the resources you wish to access.
- Class returns a token response containing the access token and, if requested, a refresh token and/or an ID Token.
Token request
The token request is used to obtain an Access Token that can be used to access the Class API.
Requests are made via a POST request to the token endpoint https://app.class.com.au/connect/token. The following parameters are supported for token requests:
Parameter | Required | Value | Description |
---|---|---|---|
grant_type | True | password | The type of OAuth 2.0 grant being exchanged. For resource owner password requests this field must be set to password. |
username | True | string | The username of the Resource Owner. |
password | True | string | The password of the Resource Owner. |
scope | False | A space-delimited list of scope values | List of scope values describing the access being requested by your integration. See Authorization scope for a detailed description of this parameter and the values supported. |
An example token request, with white space added for readability:
Token response
The token endpoint returns a response in JSON format.
For unsuccessful requests, the JSON object will contain two properties, error with an error value as described in Error codes, and error_description containing a more specific, human-readable error message.
For successful requests, the JSON object will contain the following properties:
Parameter | Value | Description |
---|---|---|
access_token | An access token | This is the token that is used to access user resources via the Class API. |
token_type | bearer | The type of access token. Currently, the Class API only supports Bearer tokens and this property will always have the value bearer. |
expires_in | Integer | The number of seconds until the access token expires, e.g. 899. |
scope | A space-delimited list of scope values | The actual scope of the access token. This may be different from what was requested in the scope parameter in the authorization request. See Authorization scope for a detailed description of this parameter and possible scope values. |
Optional (depending on authorization scope requested) | | |
id_token | An ID Token | An ID Token containing identity information about the Class user that can be used for authentication. This property will only be included if openid was included in the authorization scope parameter. |
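The following is an added example, not Class's own code: it form-encodes the token request parameters from the table above and validates a token response, raising on the error object and reporting any requested scope that was not granted. `EXPIRY_SKEW`, the function names and the sample responses are assumptions constructed for illustration; how your integration's credentials are attached to the request is not shown on this page and is left out.

```python
import json
import time
from urllib.parse import urlencode

EXPIRY_SKEW = 60  # assumption: renew this many seconds before the token expires


class TokenError(Exception):
    """Raised when the token endpoint returns an error object."""
    def __init__(self, error, description=None):
        super().__init__(f"{error}: {description}")
        self.error, self.description = error, description


def build_token_body(username, password, scopes=()):
    """Form-encode the parameters listed in the token request table."""
    fields = {"grant_type": "password", "username": username, "password": password}
    if scopes:
        fields["scope"] = " ".join(scopes)  # scope is a space-delimited list
    return urlencode(fields)  # escapes &, =, spaces etc. in the password


def parse_token_response(body, requested_scopes=(), now=None):
    """Validate a token response; report renewal time and scope differences."""
    now = time.time() if now is None else now
    data = json.loads(body)
    if "error" in data:
        raise TokenError(data["error"], data.get("error_description"))
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    granted = data.get("scope", "").split()
    return {
        "access_token": data["access_token"],
        "renew_at": now + int(data["expires_in"]) - EXPIRY_SKEW,
        "granted": granted,
        # The granted scope may differ from the request, so check before use.
        "not_granted": sorted(set(requested_scopes) - set(granted)),
    }


# Constructed sample responses (not real tokens or captured traffic).
SAMPLE_OK = json.dumps({"access_token": "EXAMPLE-TOKEN", "token_type": "bearer",
                        "expires_in": 899, "scope": "offline_access fund.read"})
# invalid_grant is a standard OAuth 2.0 error code, used here as a constructed value.
SAMPLE_ERR = json.dumps({"error": "invalid_grant",
                         "error_description": "constructed example message"})

if __name__ == "__main__":
    print(parse_token_response(SAMPLE_OK, ["fund.read", "business.fund.create"]))
```

Keep the password and the returned access token out of logs; only the error and error_description values are intended for diagnostics.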
Examples of successful and unsuccessful token responses, with white space added for readability:
Successful Response
```
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 959
Cache-Control: no-cache
Pragma: no-cache

{
  "access_token":"CBfgN5Z5...",
  "token_type":"bearer",
  "expires_in":899,
  "scope":"target:b/OAUTH_TEST offline_access business.fund.create fund.read"
}
```
Error Response