Access Tokens

The following OAuth2 access_tokens are defined for use within the interoperable Green Button Connect My Data messages:

access_token

allocated by DataCustodian for individual account authorizations. This is the normal access token used for accessing individual subscriptions.

refresh_token

allocated at the time of authorization and used to renew an access_token. When the given OAuth2 access token expires, you may use the refresh_token to obtain an new OAuth2 access token

• Obtained: During retail customer authorization process.
• resourceUri: https://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/Batch/Subscription/{SubscriptionID}
• authorizationUri: https://services.greenbuttondata.org/DataCustodian/espi/1_1//resource/Authorization/{authorizationUri}

datacustodian_access_token

access token used by trusted administrative accounts. This access token is allocated through administrative action by the DataCustodian.

• Obtained: During retail customer authorization process

client_access_token

used by ThirdParty applications to access bulk or multiple authorization subscriptions. This access token is allocated at the time the ThirdParty registers with the DataCustodian and the DataCustodian will be providing Bulk data transfers.

• Obtained: The access token is either “Configured or obtained using the OAuth client_credentials based flow”.
• resourceUri: https://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/*
• authorizationUri: https://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/Authorization/{authorizationId}

upload_access_token

used by MeterDataManagement (backend) systems to upload/import data into a DataCustodian. This access token is, like the datacustodian_access_token, allocated through administrative action by the DataCustodian.

registration_access_token

reserved for future use in dynamic registration patterns. The IETF OAuth2 Dynamic Registration working draft is being used in Green Button dynamic registration.

• Obtained: access token is obtained using the oauth client_credentials based flow after the Third Party has completed registration.
• resourceUri: https://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/Bulk/{bulkId}
• authorizationUri: https://services.greenbuttondata.org/DataCustodian/espi/1_1/resource/Authorization/{authorizationId}

References

• OpenID-Connect Wiki