Authentication

In order to gain access to the functionalities of Floriday and the data of end users, the application must be known within Floriday. Furthermore, the end user must grant access to the application before his data can be accessed. An authentication model according to the OAuth2 standard is used for this purpose, supplemented by an API key.

The application form Register client application can be used for this. The application form data is checked by Floriday Implementation support, after which the application is registered and the required credentials are provided.

We currently support two different OAuth flows:

1. Oauth2 Client credentials flow + API-key
2. Oauth2 Authorization code with PKCE flow + API-key

In practice, most applications use the Client Credentials flow. The most important condition is whether the application is able to keep the 'Client Credentials' secret.