Use grant type ‘delegation’ to retrieve access token

Use grant type ‘delegation’ to retrieve an access token and check if an account creation is needed first.


The Authority is either the one for the development environment or the one for the production environment.

If a request fails, the Token Endpoint returns an error object containing an error and an error_description property. If the subject was not found, the HTTP error code 400 and an error object like the following are returned:

    {
        "error": "invalid_request",
        "error_description": "Sub not found"
    }

Example implementation with C#

Taken from and adapted to Supertext. In this example, sub is passed as a parameter. This could be replaced with email.

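using System.Net.Http;
using IdentityModel.Client; // provides RequestTokenAsync and TokenRequest

var client = new HttpClient();

// Request an access token for the given subject using the custom 'delegation' grant.
var response = await client.RequestTokenAsync(new TokenRequest
{
    Address = "",
    GrantType = "delegation",

    ClientId = "client",
    ClientSecret = "secret",

    Parameters =
    {
        { "sub", "12345" }
    }
});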

Existing implementation with C# and Autofac

There is an existing implementation to retrieve the access token that can be found here:

Supertext.Base.Net.Http.TokenProvider can be used to retrieve the access token:

IoC and configuration

Supertext.Base.Net uses Autofac as its IoC container. There is a Module that registers the Supertext.Base.Net types.

The implementation also expects to find the following configuration:

"Identity": {
    "Authority": "",
    "ApiResourceDefinitions": [
        {
            "ClientId": "SampleApplication.Client",
            "ClientSecretName": "SomeSecretName",
            "Scope": " Supertext.Api "
        }
    ]
}

In the startup of the .NET Core application, the following Autofac ContainerBuilder extensions must be called:

public void ConfigureContainer(ContainerBuilder builder)
{
    builder.RegisterModule<NetModule>();  // register NetModule
    builder.RegisterIdentityAndApiResourceDefinitions(Configuration); // register Identity configuration
}

The passed Configuration should contain SomeSecretName with the secret. At Supertext, for example, we populate this property from a key vault.

Be aware: the current TokenProvider implementation doesn’t handle “error_description”: “Sub not found”. In case of an error RequestClientCredentialsTokenAsync throws an exception.
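One way to tell the "Sub not found" answer apart from every other token endpoint failure, so that account creation is only triggered for that exact case. This is an added example, not part of Supertext.Base.Net or the original post; the type and method names are hypothetical and the sample responses are constructed.

```csharp
using System;
using System.Net;
using System.Text.Json;

// Hypothetical names for this example; not part of Supertext.Base.Net.
public enum DelegationOutcome { TokenIssued, AccountCreationNeeded, Failed }

public static class DelegationResponseClassifier
{
    public static DelegationOutcome Classify(HttpStatusCode status, string body, out string accessToken)
    {
        accessToken = null;
        if (string.IsNullOrWhiteSpace(body)) return DelegationOutcome.Failed;
        try
        {
            using var doc = JsonDocument.Parse(body);
            var root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object) return DelegationOutcome.Failed;

            if (status == HttpStatusCode.OK && (accessToken = Str(root, "access_token")) != null)
                return DelegationOutcome.TokenIssued;

            // Only the exact status/error/description triple from the page means
            // "subject unknown". Any other 400 (bad client, bad scope) must not create accounts.
            if (status == HttpStatusCode.BadRequest
                && Str(root, "error") == "invalid_request"
                && Str(root, "error_description") == "Sub not found")
                return DelegationOutcome.AccountCreationNeeded;

            return DelegationOutcome.Failed;
        }
        catch (JsonException)
        {
            return DelegationOutcome.Failed; // malformed body: fail closed
        }
    }

    private static string Str(JsonElement obj, string name) =>
        obj.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() : null;

    public static void Main()
    {
        // Constructed sample responses, not captured from a real endpoint.
        var notFound = "{\"error\":\"invalid_request\",\"error_description\":\"Sub not found\"}";
        var badClient = "{\"error\":\"invalid_client\"}";
        var ok = "{\"access_token\":\"constructed-token\",\"token_type\":\"Bearer\"}";
        Console.WriteLine(Classify(HttpStatusCode.BadRequest, notFound, out _));
        Console.WriteLine(Classify(HttpStatusCode.BadRequest, badClient, out _));
        Console.WriteLine(Classify(HttpStatusCode.OK, ok, out _));
    }
}
```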
