OAuth 2.0
⚠️ UNDER DEVELOPMENT: This feature is under development and not ready for production use. Please use only for beta testing.
Please note that the base address for this API is the Momentum Login service.
We are currently in the early stages of implementing support for OAuth 2.0 for the Momentum Fastighet API. The OAuth implementation may be used, when ready, to sign in end-users (a person or organisation that has previously acquired an account) and applications.
The following sections describe how to sign in and use the Momentum Fastighet API with OAuth 2.0:
- An authorization flow is used to sign in a user or application and obtain an access token.
- The access token is then used to access resources such as an API.
A discovery end-point is available at .well-known/openid-configuration that can be used to automatically configure the client.
Authorization Flows
The following authorization flows are supported to acquire an access token:
- Authorization Code Flow with Proof Key for Code Exchange
  This flow is used to sign in an end-user from a client application, such as a web browser or native app (e.g. an iPhone or Windows app). See Authorization Flow using PKCE to get started.
- Client Credentials Flow
  This flow is used to sign in an application itself without user interaction. This flow can only be used by confidential clients that are able to store secrets privately, such as a web server or service running on a trusted server. It must not be used by public clients such as SPA or PWA applications running on client devices. See Client Credentials Flow to get started.
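As an added example (not code from the Momentum documentation), the Python below shows how a public client could combine the discovery document with the Authorization Code Flow with PKCE: it validates the discovered metadata, derives the S256 code challenge as defined in RFC 7636, and builds the authorization request. The host, endpoint paths, client id, redirect URI and scope are placeholders; the metadata field names are the standard OpenID Connect discovery ones.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import urlencode

# Constructed discovery document (placeholder host and paths). A real client
# fetches it from .well-known/openid-configuration on the login service.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://login.example.invalid",
    "authorization_endpoint": "https://login.example.invalid/authorize",
    "token_endpoint": "https://login.example.invalid/token",
    "code_challenge_methods_supported": ["S256"],
})


def load_endpoints(discovery_json):
    """Parse discovery metadata; reject non-HTTPS endpoints or missing S256."""
    doc = json.loads(discovery_json)
    for key in ("issuer", "authorization_endpoint", "token_endpoint"):
        if not str(doc.get(key, "")).startswith("https://"):
            raise ValueError(f"{key} is missing or not an https URL")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        raise ValueError("server does not advertise PKCE with S256")
    return doc


def challenge_for(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Return (code_verifier, code_challenge); keep the verifier client-side."""
    verifier = secrets.token_urlsafe(32)  # 43 characters from the unreserved set
    return verifier, challenge_for(verifier)


def build_authorization_url(doc, client_id, redirect_uri, scope, challenge, state):
    """Build the front-channel request; only the challenge is sent, never the verifier."""
    params = {
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": scope,
        "state": state, "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return doc["authorization_endpoint"] + "?" + urlencode(params)
```

The verifier is sent only later, in the back-channel token request that redeems the authorization code, which is what lets the server bind the code to the client that started the flow.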
Logout
Currently, only OpenID Connect RP-Initiated Logout is supported.