All you need to run your APIs
The following links provide an in-depth guide for integrating with Identity Product:
In order to have access to the Identity Product and any of the IAGL APIs, an application needs to be created. Depending on its type, there are some features / parameters that can be updated.
Note that the Identity Product will authenticate both registered and loyalty accounts in all OpCos (i.e. BAEC and BARC, in BA's case).
If the integration is for loyalty accounts only, you can identify the account type from information in the identity token and handle the error in your application by logging the user out, which prevents issues with registered accounts trying to perform loyalty operations.
Application Login URI
Application's login page. This URI needs to point to a route in the application that should redirect to the /authorize endpoint. If you don't provide any value, you might get an error "You have pressed the back button too many times" if the user visits the same /authorize URL twice by using the back button on the browser.
Allowed Callback URLs
After the user authenticates, they will be redirected back to one of these URLs. Multiple valid URLs can be specified. You can use the star symbol as a wildcard for subdomains (*.iagl.com).
Allowed Logout URLs
A set of URLs that are valid to redirect to after logout. After a user logs out, they can be redirected to the URL defined in the returnTo query parameter. The URL used in returnTo must be listed here. You can use the star symbol as a wildcard for subdomains (*.iagl.com).
Allowed Web Origins (Device Authorization Flow)
Allowed web origins for use with Device Authorization Flow, which is when the
device asks the user to go to a link on their computer or smartphone and
authorize the device. This avoids a poor user experience for devices that do
not have an easy way to enter text. You can use the star symbol as a wildcard
for subdomains (*.iagl.com).
Allowed Origins (CORS)
Allowed Origins are URLs that will be allowed to make requests from JavaScript to the Identity Product API (typically used with CORS). By default, all callback URLs will be allowed. You can use the star symbol as a wildcard for subdomains (*.iagl.com).
ID Token Expiration
This setting sets the lifetime of the id_token (in seconds).
Refresh Token Rotation
If set, as a result of exchanging a refresh token a new refresh token will be
issued and the existing token will be invalidated. This allows for automatic
detection of token reuse if the token is leaked.
Refresh Token Expiration
If set, a refresh_token will expire based on an absolute lifetime after which the token can no longer be used. (in seconds)
Refresh Token Inactivity Expiration
If set, a refresh_token will expire based on a specified inactivity lifetime after which the token can no longer be used. (in seconds)
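The three refresh token settings above interact, so the following added example (not the Identity Product's own code) models rotation with reuse detection together with both expirations. The class, method and status names are hypothetical. It assumes that a replayed token revokes every token descended from the same login, and that the absolute lifetime is counted from that login and inherited by rotated tokens.

```python
import secrets


class RefreshTokenStore:
    """In-memory model of the three refresh token settings (assumed semantics)."""

    def __init__(self, absolute_ttl, inactivity_ttl):
        self.absolute_ttl = absolute_ttl      # Refresh Token Expiration (seconds)
        self.inactivity_ttl = inactivity_ttl  # Refresh Token Inactivity Expiration (seconds)
        self.tokens = {}    # token -> {"family", "used", "issued"}
        self.families = {}  # family id -> {"created", "revoked"}

    def _mint(self, family, now):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"family": family, "used": False, "issued": now}
        return token

    def issue(self, now):
        """First refresh token after login; starts a new token family."""
        family = secrets.token_hex(8)
        self.families[family] = {"created": now, "revoked": False}
        return self._mint(family, now)

    def exchange(self, token, now):
        """Return (new_token, status); new_token is None unless status is 'rotated'."""
        rec = self.tokens.get(token)
        if rec is None:
            return None, "unknown"
        fam = self.families[rec["family"]]
        if fam["revoked"]:
            return None, "revoked"
        if rec["used"]:
            # An already-rotated token came back, so two parties hold tokens
            # from this login. Revoke the whole family, forcing a new login.
            fam["revoked"] = True
            return None, "reuse_detected"
        if now - fam["created"] > self.absolute_ttl:
            return None, "expired_absolute"
        if now - rec["issued"] > self.inactivity_ttl:
            return None, "expired_inactive"
        rec["used"] = True  # rotation: the presented token is invalidated
        return self._mint(rec["family"], now), "rotated"
```

A "reuse_detected" status is the event worth alerting on, since it means a rotated token was presented a second time.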
Identifier
Domain URL for the API. This value will be used as the audience parameter on
authorization calls.
Access Token Expiration
If set, an access_token will expire based on an expiration value after which the token can no longer be used. (in seconds)
Access Token Expiration for Browser Flows
If set, an access_token will expire based on an expiration value after which the token can no longer be used. Only used on Implicit or Hybrid flows, and cannot be greater than the Access Token Expiration. (in seconds)
Scopes
Individual values that should map to a permission (action) on the API (e.g. read:profile).