Testing Considerations
This section suggests some things to consider when testing IoL token exchange.
Token Exchange Parameter Validation
IoL sends a number of parameters to the application: for example, the state and client ID that were provided in the Connection URL to the data owner. When the data owner accepts or rejects a grant of access to their data, these parameters can be used to perform application-specific verification and validation. If this process fails, return an appropriate HTTP response status code to IoL. Otherwise, return an HTTP OK status message along with the response application token.
Application Token Generation
The application generates the bearer token to be used by the IoL API when calling application-specific webhooks. The IoL API places no requirements on the nature of this application token: the application developer is free to provide an appropriate token generation mechanism.
Authorization Callback URL
This is the URL of the application-specific endpoint for token exchange between the IoL API and the application. No authentication token should be expected with the HTTP request from IoL.
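The following is an added example, not code from IoL or from the original page. It sketches one way to test the parameter validation and token generation steps described above. The parameter names (state, client_id, application_token), the 400/403 status codes, and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory stores; a real application would use its database.
PENDING_STATES = {}   # state -> client ID placed in the Connection URL
ISSUED_TOKENS = {}    # SHA-256 of application token -> client ID


def new_connection(client_id):
    """Create the unguessable state value that goes into the Connection URL."""
    state = secrets.token_urlsafe(32)
    PENDING_STATES[state] = client_id
    return state


def handle_token_exchange(params):
    """Validate the parameters IoL sent; return (HTTP status, response body)."""
    state = params.get("state")
    client_id = params.get("client_id")
    if not isinstance(state, str) or not isinstance(client_id, str):
        return 400, {"error": "missing parameter"}
    # pop() makes each state single use, so a replayed exchange is rejected.
    expected = PENDING_STATES.pop(state, None)
    if expected is None:
        return 403, {"error": "unknown or reused state"}
    if not hmac.compare_digest(expected.encode(), client_id.encode()):
        return 403, {"error": "client ID mismatch"}
    # The request carries no authentication token, so the state check above
    # is what ties this exchange to a Connection URL the application issued.
    token = secrets.token_urlsafe(32)
    # Keep only a hash, so a leaked store does not reveal usable tokens.
    ISSUED_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = client_id
    return 200, {"application_token": token}


def verify_webhook_bearer(token):
    """Return the client ID bound to a bearer token IoL presents, or None."""
    return ISSUED_TOKENS.get(hashlib.sha256(token.encode()).hexdigest())
```

Test cases worth covering against such a handler are a valid exchange, a replayed state, a client ID that does not match the one in the Connection URL, and a request with a parameter missing.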