How to obtain a token from WAVE?

For public data, you don’t need to authenticate to WOW, you can access them anonymously. But for some operations, you need to authenticate. Here is a sample list of operations that requires authentication:

  • Site creation, editing
  • Observation editing
  • Accessing non-public observations
  • Admin/moderator functionalities, etc.

WOW uses MetOffice’s WAVE authentication as OAuth provider. Your password is only kept on WAVE; WOW doesn’t store it. User related operations, authentication and authorization are all part of WAVE.

Because WAVE implements OAuth, you can use its API to obtain an access token. Then, all you need to do is pass the token to WOW in Authorization HTTP Header. You can refer to “How to connect to WOW API?” article for more detail on how to connect and fetch data from WOW.

The following code uses .NET Framework’s HttpClient to fetch access token. It’s pretty simple and straightforward and easy to implement in other languages as well. 

private static async Task<string> GetAccessToken(string userName, string password)
{
    using (var httpClient = new HttpClient())
    {
        httpClient.BaseAddress = new Uri("https://dplogon.metoffice.gov.uk");

        var dict = new Dictionary<string, string>()
        {
            { "scope", "openid profile email memberOf" },
            { "grant_type", "password" },
            { "client_id", "client-id" },
            { "client_secret", "client-secret" },
            { "username", userName },
            { "password", password }
        };

        var content = new FormUrlEncodedContent(dict);

        using (var response = await httpClient.PostAsync("/sso/oauth2/access_token", content))
        {
            response.EnsureSuccessStatusCode();
            return JObject.Parse(await response.Content.ReadAsStringAsync()).Value("access_token");
        }
    }
}

The code will get you a Guid as an access token, which you can pass it to WOW in the header. You will also need to replace the client_id and client_secret values with your own.

Remarks

  • Rather than full token, WAVE returns access token as a GUID. This requires additional security server check on WOW, so we recommend sending cookie as well as the token after the first request. You will notice your queries are much faster.