# Authentication with PeerID

```
{
    "result": {
        "expires": "<expiry date of the token>",
        "app_id": <your client ID>,
        "scope": <permissions granted by the user>,
        "token": "<access token for the user>",
        "refresh_token": "<refresh token for the user>"
    },
    "status": 200
}
```

Note: Store the access token and refresh token like passwords.

**OAuth Resource Owner Password Credentials flow**\
Follow the steps below to get the access token using the OAuth Resource Owner Password Credentials flow:

1. In your app, request the user's login credentials (username or email ID, plus mobile number or password). Then, on your server, get an access token by making this request:

   ```
   POST https://peerid.peerplays.download/api/v1/auth/token
       ?login=<user's username or email ID>
       &password=<user's password>
       &mobile=<user's mobile number>
       &client_id=<your client ID>
   ```

   Either the `password` or the `mobile` parameter has to be passed in this request. If both are passed, the PeerID server validates both of them along with the `login`.
2. We respond with a JSON-encoded access token. The response looks like this:

   ```
   {
       "result": {
           "expires": "<expiry date of the token>",
           "app_id": <your client ID>,
           "scope": <permissions granted by the user>,
           "token": "<access token for the user>",
           "refresh_token": "<refresh token for the user>"
       },
       "status": 200
   }
   ```

## **Sending access tokens**

Once you have the user’s access token, your app can perform the permitted operations on behalf of the user on the Peerplays blockchain using the `/api/v1/app/operations` API. Pass the user's access token in the `Authorization` header for this API, like this:

```
curl -H "Authorization: Bearer <access token>" https://peerid.peerplays.download/api/v1/app/operations
```

Note: The access token for one app cannot be used for another app.

## **Refreshing access token**

New OAuth2 access tokens have expirations. Token-expiration periods vary in length, based on how and when the token was acquired. Tokens return an `expires` field indicating how long the token should last. However, you should build your applications in such a way that they are resilient to token authentication failures. In other words, an application capable of refreshing tokens should not need to know how long a token will live. Rather, it should be prepared to deal with the token becoming invalid at any time.

On seeing a `401 - Unauthorized` error, an application should try to refresh the session if a refresh token is present. If the refresh fails, the application should re-prompt the end user with another authentication dialog via the standard OAuth 2 flow.

Generally, refresh tokens are used to extend the lifetime of a given authorization.

**How to refresh:**

To refresh a token, you need the `refresh_token` returned in the response when you exchanged your code for the token, together with your client ID and client secret. The following API returns the new access token:

```
POST https://peerid.peerplays.download/api/v1/auth/refreshtoken
    ?refresh_token=<refresh token for the user>
    &client_id=<your client ID>
    &client_secret=<your client secret>
```

The response will look like this:

```
{
    "result": {
        "expires": "<expiry date of the token>",
        "app_id": <your client ID>,
        "scope": <permissions granted by the user>,
        "token": "<access token for the user>",
        "refresh_token": "<refresh token for the user>"
    },
    "status": 200
}
```
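The refresh-on-401 behaviour described in this section, as an added example (not PeerID's own code). It mirrors the page's `curl` call as a GET, and because the documented refresh request carries the refresh token and client secret in the query string, it includes a `redact` helper for logging. `PeerIDSession`, `ReauthRequired`, `redact` and the `transport` hook are hypothetical names.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE = "https://peerid.peerplays.download/api/v1"  # host and paths from this page
SECRET_PARAMS = {"refresh_token", "client_secret", "password"}

class ReauthRequired(Exception):
    """Refresh failed or is impossible: send the user through the OAuth flow again."""

def redact(url):
    """Mask secret query parameters so the request URL is safe to log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))

class PeerIDSession:
    """Holds one user's tokens; `transport` is a hypothetical HTTP hook:
    transport(method, url, headers) -> (status_code, body_text)."""

    def __init__(self, transport, client_id, client_secret, token, refresh_token):
        self.transport = transport
        self.client_id, self.client_secret = client_id, client_secret
        self.token, self.refresh_token = token, refresh_token

    def _refresh(self):
        if not self.refresh_token:
            raise ReauthRequired("no refresh token stored")
        query = urlencode({"refresh_token": self.refresh_token,
                           "client_id": self.client_id,
                           "client_secret": self.client_secret})
        status, body = self.transport("POST", f"{BASE}/auth/refreshtoken?{query}", {})
        if status != 200:
            raise ReauthRequired(f"refresh rejected with HTTP {status}")
        result = json.loads(body)["result"]
        # Keep the new pair; fall back to the old refresh token if none is returned.
        self.token = result["token"]
        self.refresh_token = result.get("refresh_token", self.refresh_token)

    def operations(self):
        """Call /app/operations; on 401 refresh once and retry once."""
        for attempt in range(2):
            headers = {"Authorization": f"Bearer {self.token}"}
            status, body = self.transport("GET", f"{BASE}/app/operations", headers)
            if status != 401:
                return status, body
            if attempt == 0:
                self._refresh()
        raise ReauthRequired("still unauthorized after a successful refresh")
```

Catch `ReauthRequired` at the point where your app can restart the authentication dialog, and log request URLs only through `redact`.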

