OAuth2.0

GeoPlatform now fully support OAuth2.0. All GET requests to GeoPlatform services will allow access to all users. In order to modify resources via the API (using HTTP POST, PATCH, PUT, and DELETE) your application will need to pass a valid Access Token or JWT via the Authorization Bearer token.

In order to obtain Access Tokens you will first need to obtain a client_id and client_secret. You can obtain these by emaling the GeoPlatform service desk servicedesk@geoplatform.gov to register your application. Please include the fully qualified domain name for your application when submitting your request.

You can also sign up your user at the GUI endpoint listed below.

Endpoints:
GUI: https://accounts.geoplatform.gov
Token: https://accounts.geoplatform.gov/auth/token
Authorization: https://accounts.geoplatform.gov/auth/authorize
Obtaining Access Tokens

There are two main ways to obtain an Access Token.

Grant

Grant type requests are brokered by a back end service that can keep and store refresh tokens. We provide a full Auth solution for NodeJS applications upon request. Beside this there are many other OAuth2 integration solutions that will allow you to authenticate against GeoPlatform.


Implicit

Implicit grants are used to redirect users to the OAuth2 server without the need for a backend service to broker the transaction. The redirect_uri allows you to bring your users back to your application once then have successfully authenticated.

Required Query String fields:

Field Example
response_type token
client_id 5a56aaeca9e0221520f413a9
redirect_uri http://myApp.com/auth

Example:

    https://accounts.geoplatform.gov/auth/authorize? client_id=5a56aaeca9e0221520f413a9
    &response_type=token&redirect_uri=http://myApp.com/auth


Client Credential Grant

Using a Client Credential Grant is a simple way to obtain Access Tokens without the need for a server. Obtaining an Access Token via a Client Credential Grant requires only making a single request to obtain the token.

Simply make a http POST request with Content type x-www-form-urlencoded to the Token endpoint with the following fields:

Field Example
client_id 5a56aaeca9e0221520f413a9
client_secret rbh7EU5ewLDCW7HeKzsDA2PwHBSjcfLB4LcTSPM7gK
scope write
username AlfredBenz
password kka&Laf7w2)E8f202!

A successful result will return an implicit Access Token in the following format:

{
    “access_token”:”eyJhb…v5ML4″,
    “token_type”:”Bearer”
}
Using the Access Token on API endpoints:

Once you have obtained an Access Token you will need to send it along on all requests to restricted endpoints. Send the token using the standard Bearer token protocol https://tools.ietf.org/html/rfc6750. The token needs to be set in the Authorization header of the request as follows:

    Authorization: ‘Bearer eyJhb…v5ML4’

A curl request would look like:

    curl -d ‘{“key1″:”value1”, “key2″:”value2”}’ -H “Authorization: Bearer eyJhb…v5ML4” -X POST http://ual.geoplatform.gov/myResource
Have Other Questions?
Please check out our FAQ page in case your question has already been addressed. If you still need help or want to report an issue, please send us an email at servicedesk@geoplatform.gov.
For questions about the federal government not related to GeoPlatform, visit USA.gov or call 1-800-FED-INFO (1-800-333-4636), 8am - 8pm ET Monday through Friday.