The Integrated App Environment (IAE) allows third-party applications to integrate with Wisenet services. It uses the industry-standard OAuth 2.1 framework to provide limited access to an HTTP service on behalf of a resource owner.
OAuth 2.1 is consolidating best practices learned over the 11 years since OAuth 2 was published. The original OAuth 2.0 specification was released in October 2012 as RFC 6749 and RFC 6750. It replaced OAuth 1.0, released in April 2010. There have been a number of extensions and modifications to OAuth 2 over the subsequent years.
A new OAuth specification has been proposed and is currently under discussion. If approved, OAuth 2.1 will obsolete certain parts of OAuth 2.0 and mandate security best practices. The rest of the OAuth 2.0 specification will be retained.
That bears repeating. Nothing new will be added. This is an explicit design goal of OAuth 2.1.
See: Differences Between OAuth 2 And OAuth 2.1 and, of course, OAuth 2.1 - 10 Differences from OAuth 2.0
Essentially this boils down to using PKCE (RFC 7636: Proof Key for Code Exchange by OAuth Public Clients) plus a few other bits and pieces. See article link above. Since OAuth 2.1 is essentially OAuth 2.0 with “security best practices” and it will not add anything new, we will work with the latest OAuth 2.1 draft.
https://auth.wisenet.co/api/.well-known/oauth-authorization-server
Used by the client to get authorization server metadata.

https://auth.wisenet.co/api/oauth/authorize
Used by the client to obtain authorization from the resource owner via user-agent redirection.

https://auth.wisenet.co/api/oauth/token
Used by the client to exchange an authorization code for an access token, with client authentication. Also to exchange a refresh token for an access token.
This could also be a function within the application which requires Wisenet resource access.
GET https://auth.wisenet.co/api/oauth/authorize
  ?response_type=code                  // - Required
  &client_id={Client ID}               // - Required
  &client_secret={Client Secret}       // - Required
  &redirect_uri={Redirect URI}         // - Conditionally required
  &scope={Scopes}                      // - Optional
  &state={Arbitrary String}            // - Required
  &code_challenge={Challenge}          // - Required for PKCE
  &code_challenge_method={Method}      // - Required for PKCE

Using the familiar User Portal UI, the user can log in with credentials or social login, then select the tenant and scopes to authorize.
OAuth 2.1 - 4.1.2 Authorization Response
HTTP/1.1 302 Found
Location: {Redirect URI}
  ?code={Authorization Code}           // - Always included
  &state={Arbitrary String}            // - Included if the authorization request included 'state'.
  &iss={Issuer String}                 // - Optional. Client can use to prevent mixup attacks
OAuth 2.1 - 3.2 Token endpoint (base implementation)
OAuth 2.1 - 4.1.3 Token endpoint extension

POST https://auth.wisenet.co/api/oauth/token
Content-Type: application/x-www-form-urlencoded
  ?grant_type=authorization_code       // - Required
  &code={Authorization Code}           // - Required
  &redirect_uri={Redirect URI}         // - Required if the authorization request included 'redirect_uri'.
                                       //   Required if the authorization request included 'code_challenge'.

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token": {Access Token},      // - Always included
  "token_type": {Token Type},          // - Always included; the value is Bearer
  "expires_in": {Lifetime In Seconds}, // - Optional
  "refresh_token": {Refresh Token},    // - Optional
  "scope": {Scopes},                   // - Mandatory if the granted scopes differ from the requested ones.
  "api_key": {Api Key}                 // - Always included. Use together with "access_token" for subsequent requests to the resource server.
}
OAuth 2.1 - 3.2.3 Token Response
GET https://api.wisenet.co/v1/lln-submissions/100
x-api-key: {Api Key}                   // - Required
Authorization: Bearer {Access Token}   // - Required
OAuth 2.1 - 3.2 Token endpoint (base implementation)
OAuth 2.1 - 4.3.1 Token endpoint extension

GET https://auth.wisenet.co/api/oauth/token
Content-Type: application/x-www-form-urlencoded
  ?grant_type=refresh_token            // - Required
  &refresh_token={Refresh Token}       // - Required
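
The client side of the authorization code flow above, as an added example that is not Wisenet's own code: it generates the PKCE pair, builds the authorization request, checks 'state' and the optional 'iss' on the redirect, and builds the token request body. The 'code_verifier' parameter comes from RFC 7636 rather than this page, the issuer string passed as expected_issuer is an assumption (the page does not state it), and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://auth.wisenet.co/api/oauth/authorize"  # from this page


def new_pkce_pair():
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(64)  # 86 characters, inside the 43-128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(state, challenge, **client_params):
    """client_params carries the page's client_id, client_secret, redirect_uri, scope."""
    params = dict(client_params, response_type="code", state=state,
                  code_challenge=challenge, code_challenge_method="S256")
    return AUTHORIZE_URL + "?" + urlencode(params)


def read_authorization_response(redirect_url, expected_state, expected_issuer):
    """Return the authorization code, or raise ValueError if the redirect is not ours."""
    query = parse_qs(urlsplit(redirect_url).query)
    state = query.get("state", [""])[0]
    # Constant-time compare; a mismatch means the redirect is not for this session.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    # 'iss' is optional on this page; when present it must name the expected server.
    if "iss" in query and query["iss"][0] != expected_issuer:
        raise ValueError("issuer mismatch")
    if "code" not in query:
        raise ValueError("no authorization code")
    return query["code"][0]


def token_request_body(code, redirect_uri, verifier):
    """Form body for the token endpoint; code_verifier is from RFC 7636, not this page."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri, "code_verifier": verifier})
```

Keep the verifier and the state value in the user's server-side session between the redirect out and the redirect back, and discard both once the code has been exchanged.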
Scopes provide a way to limit the access granted to an application allowing only specific actions.
All or a subset of the supported scopes will be agreed upon and assigned to the integration client during registration. The integration may only request scopes from those assigned. Any required scopes will be included even when not requested.
Allows the reading of Assessment Submission data. Endpoints included:
Allows the updating of Assessment Submission data. Endpoints included:
Allows the reading of Class data. Endpoints included:
Allows the updating of Class data. Endpoints included:
Allows the reading of Class Registration data. Endpoints included:
Allows getting combos data. Endpoints included:
Allows the updating of combos data. Endpoints included:
Allows getting a pre-signed URL from which the document can be downloaded. Endpoints included:
Allows the upload of document files, including pdf, jpg, png. Endpoints included:
Allows the reading of Course data. Endpoints included:
Allows the updating of Course data. Endpoints included:
Allows the reading of Course Offer data. Endpoints included:
Allows the updating of Course Offer data. Endpoints included:
Allows the reading of Course Unit data. Endpoints included:
Allows the updating of Course Unit data. Endpoints included:
Allows the reading of Unit data. Endpoints included:
Allows the updating of Unit data. Endpoints included:
Allows the reading of Unit Offer data. Endpoints included:
Allows the updating of Unit Offer data. Endpoints included:
Allows the reading of Learner data. Endpoints included:
Allows the updating of Learner data. Endpoints included:
Allows the reading of Location data. Endpoints included:
Allows the updating of Location data. Endpoints included:
Allows the reading of Opportunity data. Endpoints included:
Allows the updating of Opportunity data. Endpoints included:
Allows the reading of Course Enrolment data. Endpoints included:
Allows the updating of Course Enrolment data. Endpoints included:
Allows the reading of Unit Enrolment data. Endpoints included:
Allows the updating of Unit Enrolment data. Endpoints included:
Allows the reading of Agent data. Endpoints included:
Allows the updating of Agent data. Endpoints included:
Allows the reading of Workplace data. Endpoints included:
Allows the updating of Workplace data. Endpoints included:
Allows the reading of Staff data. Endpoints included:
Allows the updating of Staff data. Endpoints included:
Allows the reading of Sales Contact data. Endpoints included:
Allows the updating of Sales Contact data. Endpoints included:
Allows the reading of Sales Person data. Endpoints included:
Allows the reading of Filenote data. Endpoints included:
Allows the updating of Filenote data. Endpoints included:
Allows the reading of Elearning Course data. Endpoints included:
Allows the updating of Elearning Course data. Endpoints included:
Allows the reading of Elearning Course Offer data. Endpoints included:
Allows the updating of Elearning Course Offer data. Endpoints included:
Allows the reading of Elearning Enrolment data. Endpoints included:
Allows the updating of Elearning Enrolment data. Endpoints included:
Allows the reading of Event Enrolment data. Endpoints included:
Allows the updating of Event Enrolment data. Endpoints included:
Allows the reading of Event Session data. Endpoints included:
Allows the updating of Event Session data. Endpoints included:
Allows the reading of Finance Management data. Endpoints included:
Allows the reading of Finance Invoice data. Endpoints included:
Allows the reading of Finance Payment data. Endpoints included:
Allows the reading of Finance Quote data. Endpoints included:
Allows the reading of Record Custom Fields data. Endpoints included:
Allows the updating of Record Custom Fields data. Endpoints included:
Allows the reading of Timetable data. Endpoints included:
Allows the updating of Timetable data. Endpoints included:
Allows the reading of Training Agreement data. Endpoints included:
Allows the updating of Training Agreement data. Endpoints included: