- User Authentication
LumiNUS is using OAuth 2.0. We are using Authorization Code grant type for applications who are interested in consuming the LumiNUS APIs.
After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.
Basically, the steps:
- The application opens a browser to send the user to the OAuth server
- The user sees the authorization prompt and approves the app’s request
- The user is redirected back to the application with an authorization code in the query string
- The application exchanges the authorization code for an access token
With effect from July 2019, LumiNUS API will not provide authentication service. If you just need authentication service, please approach NUS IT for such request. If you need to use other LumiNUS APIs besides the authentication, you can submit a request to the Request Tracker System (https://aces.nus.edu.sg/v2/auth/login
Token Endpoint URL
rt). After login, submit a request for "AppID for ADFS OAuth Client Integration".
Here are some of the useful information
- AD FS Scenarios for Developers: https://
The accessToken is the Bearer.
The bearer will expire within 30 mins.
Info For more information on OAuth 2.0, please refer to the official site
- Official site for OAuth 2.0: https://oauth.net/2/.
- Useful tutorial here: https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2.
You are interested in the below API. On top of the the indicated request parameters required by the API, there are required request header (subscription key) for calling the API.
If the API's response is "", it means that the Bearer is needed for the Authorization Headers.
Below is an example of code sample in different languages. Include the authorization header (Bearer) if needed.