Obtain Tokens for Client
Now that your client has its own Key and Card, it is ready to start communicating with your own server.
You will collect an access token from Virgil using the client-side SDK and then use this to authenticate with your own server.
Obtain Access and Refresh tokens
To obtain an access token for a Card, we can use the Virgil Auth service. This service also requires the client's Key, to prove that the client is who it claims to be.
# Get a challenge for your card ID
challenge = virgil.auth.get_challenge_message(card.id)
# Decrypt the challenge with the client's key
decrypted_message = key.decrypt(challenge.encrypted_message)
# Retrieve the Virgil Public Key
virgil_cards = virgil.cards.find_global(VirgilIdentity::APPLICATION, "com.virgilsecurity.auth")
# Re-encrypt the decrypted message with Virgil's Card
encrypted_message = virgil_cards.encrypt(decrypted_message)
# Send message back to server to acknowledge the challenge
code = virgil.auth.acknowledge(challenge.id, encrypted_message)
# Obtain access and refresh tokens
tokens = virgil.auth.obtain_access_token(code)
###### Alternative #######
# Get access and refresh tokens for a client's card,
# using the client's key to verify their identity
tokens = card.get_tokens_verified_by(key)
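The challenge-response exchange above, simulated locally with both sides in one process as an added example (not code from the Virgil SDK or service). RSA-OAEP from Ruby's OpenSSL stands in for Virgil's encryption, and `DemoAuthService`, `answer_challenge` and `oaep` are hypothetical names.

```ruby
require "openssl"
require "securerandom"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt data to an RSA public key (stand-in for encrypting to a Card).
def oaep(public_key, data)
  public_key.public_encrypt(data, OAEP)
end

# Constructed stand-in for the auth service; all names here are hypothetical.
class DemoAuthService
  attr_reader :public_key

  def initialize(registered_cards)
    @key = OpenSSL::PKey::RSA.new(2048)
    @public_key = @key.public_key
    @cards = registered_cards # card ID => client public key
    @pending = {}             # challenge ID => expected nonce
  end

  # Issue a fresh random nonce, encrypted to the public key on the card.
  def get_challenge_message(card_id)
    nonce = SecureRandom.random_bytes(32)
    id = SecureRandom.hex(16)
    @pending[id] = nonce
    { id: id, encrypted_message: oaep(@cards.fetch(card_id), nonce) }
  end

  # Accept the reply only if it decrypts to the nonce; a challenge is single-use.
  def acknowledge(challenge_id, encrypted_reply)
    expected = @pending.delete(challenge_id)
    return nil unless expected
    reply = @key.private_decrypt(encrypted_reply, OAEP)
    OpenSSL.secure_compare(expected, reply) ? SecureRandom.hex(16) : nil
  rescue OpenSSL::PKey::PKeyError
    nil # undecryptable reply: reject without revealing why
  end
end

# Client side: decrypt with the private key, re-encrypt to the service's key.
def answer_challenge(client_key, service_public_key, challenge)
  nonce = client_key.private_decrypt(challenge[:encrypted_message], OAEP)
  oaep(service_public_key, nonce)
end
```

Because the pending nonce is deleted on first use, resubmitting the same acknowledgement for a challenge ID returns `nil`.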
The identifier for Virgil Auth's own Global Card is
Make API calls
You are now ready to make API calls to your server and use the access token as an authentication method. For example, to authenticate with your server in an OAuth 2.0-compatible way, provide the access token as a bearer token in the Authorization header.
GET /resource HTTP/1.1
Authorization: Bearer ACCESS_TOKEN
Next, we will cover how to validate the access token in your server side application.