Install Application

The flow of app installation.

An explanation of the above diagram is given below.

  1. User (Client) opens the 'GrubCenter App Store'.
    1. Refer to the API spec for the install endpoint here
  2. User (Client) installs the 3rd party application using the 'GrubCenter App Store'.
  3. User (Client) is redirected to the URL provided by the 3rd party application.
  4. 3rd party application initiates authorization with Grubtech auth server (Resource server) using APIs that are based on the OAuth2 specification. Please refer here
  5. User (Client) is redirected to the Grubtech authorization login page.
  6. Initiate the login with Grubtech account credentials. The user is redirected to the consent page to request permission.
  7. User gives consent to the application requesting permission.
  8. Redirect to application’s configured authorization endpoint with authorization code and state.
  9. 3rd party application exchanges the authorization code for tokens by invoking the auth server token endpoint, providing the authorization code and client secret.
  10. Return tokens to 3rd party application.
    1. id_token, access_token, refresh_token will be returned to the 3rd Party Application.
    2. id_token - This token will be used to grant permission to Grubtech. The following example displays the information within a decoded token.

      Example

      {
             "at_hash": "fS1aABeTqFsdNdh76y8IFw",
             "sub": "5078f1f5-65e0-4089-be9e-91d79448a912",
             "permissionValues": "[\"ORDER_DISPATCH\"]",
             "email_verified": true,
             "app_schema": "GRUBCENTER",
             "locationIds": "[\"5fe059a2cccb26031baf4374\"]",
             "iss": "https://cognito-idp.eu-west-2.amazonaws.com/eu-west-2_WAs7wrHcR",
             "phone_number_verified": true,
             "cognito:username": "[email protected]",
             "brandIds": "[\"5fe05941cccb26031baf4373\"]",
             "aud": "1s3jn3neqkli31k5gikqfuqgsk",
             "partner_id": "5fe054c4cccb26031baf4370",
             "roleIds": "[\"5fe0811461c29756a9442311\"]",
             "user_id": "5fe0e5b261c29756a9442319",
             "token_use": "id",
             "groupIds": "[\"5fe05f4561c29756a944230f\"]",
             "auth_time": 1621245825,
             "name": "dispatch",
             "phone_number": "+94718796378",
             "exp": 1621246125,
             "iat": 1621245826,
             "email": "[email protected]"
      }
      
      • refresh_token - This token is used to get a new id token and access token.
  11. User accesses 3rd party application resources.
  12. The 3rd party application invokes Grubtech secure APIs using the id token.
  13. Grubtech Application server (Resource server) returns resource response.

Messages (7) and (8) are invoked only for external 3rd party applications when the user has not yet granted consent.
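
The decoded id_token above carries `permissionValues` and `locationIds` as JSON arrays serialized into strings. As an added example (not Grubtech's code), the Python below shows claim checks a 3rd party application could apply to such a payload; the function names, the 30-second leeway and the assumption that the token signature has already been verified are illustrative.

```python
import json
import time

# Constructed sample: claims from the decoded id_token above, trimmed to those
# checked here. Assumes the JWT signature was already verified by the caller.
SAMPLE_CLAIMS = {
    "iss": "https://cognito-idp.eu-west-2.amazonaws.com/eu-west-2_WAs7wrHcR",
    "aud": "1s3jn3neqkli31k5gikqfuqgsk",
    "token_use": "id",
    "exp": 1621246125,
    "permissionValues": "[\"ORDER_DISPATCH\"]",
    "locationIds": "[\"5fe059a2cccb26031baf4374\"]",
}

class TokenRejected(Exception):
    """Raised when a claim check fails; callers should deny the request."""

def _string_list(claims, name):
    # The claim is a JSON array inside a string: decode it and require a list
    # of strings instead of substring-matching the raw text.
    try:
        value = json.loads(claims.get(name, "[]"))
    except (TypeError, ValueError):
        raise TokenRejected(f"{name} is not valid JSON") from None
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise TokenRejected(f"{name} is not a list of strings")
    return value

def check_id_token_claims(claims, expected_iss, expected_aud,
                          required_permission, location_id, now=None, leeway=30):
    """Hypothetical helper: validate signature-verified id_token claims."""
    now = time.time() if now is None else now
    if claims.get("iss") != expected_iss:
        raise TokenRejected("unexpected issuer")
    if claims.get("aud") != expected_aud:
        raise TokenRejected("token was issued to a different client")
    if claims.get("token_use") != "id":
        raise TokenRejected("not an id token")
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenRejected("token expired or exp missing")
    if required_permission not in _string_list(claims, "permissionValues"):
        raise TokenRejected("permission not granted")
    if location_id not in _string_list(claims, "locationIds"):
        raise TokenRejected("location not in scope")
    return True
```

Decoding the array before the membership test matters: a raw substring check for `ORDER_DISPATCH` would also accept a token whose only permission is a longer name that contains it.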