Before you can start implementing Rumi.ai's Auth setup, you will need a client ID. Please email [email protected] to have your app provisioned. We will provide you with a unique client ID and client secret, which are necessary for the OAuth 2.0 authorization flow.
Please include a redirect URI for your application when requesting your client ID. This is the URL where users will be redirected after they authorize your application. Ensure that the URI is protected and can handle the authorization code.
To initiate the authorization flow, construct a URL with the following parameters:
- response_type=code
- client_id: The client ID provided during registration
- redirect_uri: The redirect URI specified during registration

The Rumi authorization URL is: https://rumi.ai/auth/login
When a user needs to authenticate, redirect them to the constructed authorization URL. The user will be prompted to approve your application's access request.
Once the user authorizes your application, they'll be redirected back to the specified redirect URI with the authorization code and state in the query string. Verify that the state matches the one generated earlier to prevent CSRF attacks.
Now that you have the authorization code, make a POST request to the token endpoint with the following parameters:
- grant_type=authorization_code
- code: The authorization code appended to the redirect URI in the previous step
- redirect_uri: The same redirect URI specified during registration