Use grant type ‘delegation’ to retrieve access token

Use grant type ‘delegation’ to retrieve an access token and check if an account creation is needed first.

Process

Authority is either https://staging.supertext.ch/person for the development environment or https://www.supertext.com/person for the production environment.

The Token Endpoint returns an error object containing an error and an error_description property in case there was an error. If the subject was not found, HTTP status code 400 and an error object like the following are returned:

{
    "error": "invalid_request",
    "error_description": "Sub not found"
}

Example implementation with C#

Taken from https://identitymodel.readthedocs.io/en/latest/client/token.html#requesting-a-token and adapted to Supertext. In this example sub is passed as the parameter; it could be replaced with email.

using System.Net.Http;
using IdentityModel.Client;   // provides RequestTokenAsync and TokenRequest

var client = new HttpClient();

var response = await client.RequestTokenAsync(new TokenRequest
{
    Address = "https://staging.supertext.ch/person/connect/token",
    GrantType = "delegation",

    ClientId = "client",
    ClientSecret = "secret",

    Parameters =
    {
        { "sub", "12345" }   // subject of the user to act for; "email" may be used instead
    }
});

// The endpoint signals failures as an error object (see above); inspect it before using the token.
if (response.IsError)
{
    Console.WriteLine($"{response.Error}: {response.ErrorDescription}");
    return;
}

var accessToken = response.AccessToken;

Existing implementation with C# and Autofac

There is an existing implementation to retrieve the access token that can be found here:

https://github.com/Supertext/Supertext.Base/tree/develop/Supertext.Base.Net

Supertext.Base.Net.Http.TokenProvider can be used to retrieve the access token:
https://github.com/Supertext/Supertext.Base/blob/develop/Supertext.Base.Net/Http/TokenProvider.cs

IoC and configuration

Supertext.Base.Net is using Autofac as IoC container. There is a Module that registers the Supertext.Base.Net types.

https://github.com/Supertext/Supertext.Base/blob/develop/Supertext.Base.Net/NetModule.cs

Also, the implementation expects to find the following configuration:

"Identity": {
    "Authority": "https://staging.supertext.ch/person",
    "ApiResourceDefinitions": [
        {
            "ClientId": "SampleApplication.Client",
            "ClientSecretName": "SomeSecretName",
            "Scope": " Supertext.Api "
        }
    ]
}

In the startup of the .NET Core application the following Autofac ContainerBuilder extensions must be called:

public void ConfigureContainer(ContainerBuilder builder)
{
    builder.RegisterModule<NetModule>();  // register NetModule
    builder.RegisterIdentityAndApiResourceDefinitions(Configuration); // register Identity configuration
}

The passed Configuration should contain SomeSecretName with the secret. At Supertext, for example, we populate this property from a key vault.

Be aware: the current TokenProvider implementation doesn't handle "error_description": "Sub not found". In case of an error, RequestClientCredentialsTokenAsync throws an exception.
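The following is an added example (not part of Supertext.Base and not the TokenProvider shown above) of how a caller can do the check described at the top of this page: request the delegation token and map the documented 400 / "Sub not found" response to "an account has to be created first", while treating every other failure as an error. It uses the IdentityModel client API from the example above; the authority, client id and secret are assumed to come from the Identity configuration, and DelegationTokenClient, DelegationOutcome and DelegationResult are names chosen here for illustration.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;

// Illustrative names, not part of Supertext.Base.
public enum DelegationOutcome
{
    TokenIssued,             // access token returned
    AccountCreationRequired, // endpoint answered 400 with "Sub not found"
    Failed                   // any other protocol, HTTP or transport error
}

public sealed class DelegationResult
{
    public DelegationOutcome Outcome { get; init; }
    public string AccessToken { get; init; }
    public string Error { get; init; }
}

public static class DelegationTokenClient
{
    // authority: e.g. https://staging.supertext.ch/person (from the Identity configuration)
    // sub: the subject to act for; "email" could be passed instead, as noted above
    public static async Task<DelegationResult> RequestAsync(
        HttpClient client, string authority, string clientId, string clientSecret, string sub)
    {
        var response = await client.RequestTokenAsync(new TokenRequest
        {
            Address = $"{authority.TrimEnd('/')}/connect/token",
            GrantType = "delegation",
            ClientId = clientId,
            ClientSecret = clientSecret,
            Parameters = { { "sub", sub } }
        });

        if (!response.IsError)
        {
            return new DelegationResult
            {
                Outcome = DelegationOutcome.TokenIssued,
                AccessToken = response.AccessToken
            };
        }

        // The documented "subject unknown" answer: HTTP 400, error=invalid_request,
        // error_description="Sub not found". Compare exactly; do not substring-match.
        bool subNotFound =
            response.HttpStatusCode == HttpStatusCode.BadRequest &&
            response.Error == "invalid_request" &&
            string.Equals(response.ErrorDescription, "Sub not found", StringComparison.Ordinal);

        if (subNotFound)
        {
            return new DelegationResult { Outcome = DelegationOutcome.AccountCreationRequired };
        }

        // Everything else (wrong client secret, unknown grant type, transport failure) is a
        // real error. IdentityModel also wraps exceptions into the response, so check
        // response.Exception rather than relying on a try/catch around the call.
        string detail = response.ErrorType == ResponseErrorType.Exception
            ? response.Exception?.Message
            : $"{response.Error}: {response.ErrorDescription}";

        return new DelegationResult { Outcome = DelegationOutcome.Failed, Error = detail };
    }
}

// Usage (secrets are assumed to come from configuration / a key vault, never from source):
// var result = await DelegationTokenClient.RequestAsync(
//     new HttpClient(), "https://staging.supertext.ch/person", clientId, clientSecret, "12345");
// switch (result.Outcome) { case DelegationOutcome.AccountCreationRequired: /* create account, then retry */ break; ... }
```

Only the Error string is suitable for logging; the AccessToken is a bearer credential and should be passed on to the API call, not written to logs. Unlike the TokenProvider described above, this wrapper never throws on a token endpoint error, so the caller can branch on the outcome instead of catching exceptions.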



