Jobadder interface#

Powerforce (PF) => JobAdder (JA) sends url which includes client_id and the redirect url as params

JA displays its regular login page requesting username / password (authentication)

JA displays the PF is asking permission page

User clicks the 'accept' button, JA sends its authorisation key to the redirected url (pf) The redirected url is exposed as ? (where's SRP x come into play?)

Upon receipt of the authorisation key, PF sends another request to JA requesting a token using the authorisation key. The token is retured in the response

PF uses the token to perform all other requests