pyvet communicates with all VA OAuth APIs via an Authorization Code Flow.

When trying to communicate with an OAuth2 API, pyvet will utilize OIDC to ensure the veteran is approved by a VA-approved Identity Provider (IDP) like ID.me or Login.gov. pyvet performs the entire authentication by directing the consumer (the veteran) through two main steps.

- The login process begins the authentication by receiving authorization via a Proof Key for Code Exchange (PKCE). This results in a code from the VA's /authorization endpoint.
- The authentication continues to the /token endpoint, utilizing the code received from step 1. Upon success, a bearer token (along with other metadata) is provided.

pyvet will then return the desired data from the VA OAuth2 API to the consumer.
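
The two steps above, sketched as an added example (not pyvet's own code): it generates the PKCE verifier and S256 challenge, builds the /authorization redirect, checks the callback's state, and prepares the /token request body. The base URL, client ID, redirect URI, scope and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders: the real values come from the VA API registration.
BASE_URL = "https://sandbox.example.invalid/oauth2"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://localhost:8080/callback"

def s256_challenge(verifier):
    """BASE64URL(SHA256(verifier)) without padding, per RFC 7636."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def make_pkce_pair():
    verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43-128 limit
    return verifier, s256_challenge(verifier)

def build_authorization_url(challenge, state):
    """Step 1: URL the veteran's browser is sent to; only the challenge leaves."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",  # assumed minimal OIDC scope
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{BASE_URL}/authorization?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    """Return the code from the redirect, rejecting a mismatched state."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [""])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in query:
        raise ValueError(query.get("error", ["missing code"])[0])
    return query["code"][0]

def build_token_request(code, verifier):
    """Step 2: URL and form body for /token; the verifier binds it to step 1."""
    return f"{BASE_URL}/token", {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": verifier,
    }
```

The verifier stays on the client until the /token call, so an intercepted code cannot be redeemed without it.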