Use grant type ‘delegation’ to retrieve access token

20. April 2021 |

Use grant type ‘delegation’ to retrieve an access token and check if an account creation is needed first.

Process

Authority is either https://staging.supertext.ch/person for the development environment or https://www.supertext.com/person for productive environment.

The Token Endpoint returns an error object containing an error and an error_description property in case there was an error. If the subject was not found, the HTTP error code 400 and an error object like following is returned:

{
    "error": "invalid_request",
    "error_description": "Sub not found"
}

Example implementation with C#

Taken from https://identitymodel.readthedocs.io/en/latest/client/token.html#requesting-a-token and adapted to Supertext. In this example sub is passed as parameter. This could be replaced with email.

var client = new HttpClient();

var response = await client.RequestTokenAsync(new TokenRequest
{
    Address = "https://staging.supertext.ch/person/connect/token",
    GrantType = "delegation",

    ClientId = "client",
    ClientSecret = "secret",

    Parameters =
    {
        { "sub", "12345"}
    }
});

Existing implementation with C# and Autofac

There is an existing implementation to retrieve the access token that can be found here:

https://github.com/Supertext/Supertext.Base/tree/develop/Supertext.Base.Net

Supertext.Base.Net.Http.TokenProvider can be used to retrieve the access token:
https://github.com/Supertext/Supertext.Base/blob/develop/Supertext.Base.Net/Http/TokenProvider.cs

IoC and configuration

Supertext.Base.Net is using Autofac as IoC container. There is a Module that registers the Supertext.Base.Net types.

https://github.com/Supertext/Supertext.Base/blob/develop/Supertext.Base.Net/NetModule.cs

Also, the implementation expects to find following configuration:

"Identity": {
    "Authority": "https://staging.supertext.ch/person",
    "ApiResourceDefinitions": [
      {
        "ClientId": "SampleApplication.Client",
        "ClientSecretName": "SomeSecretName",
        "Scope": " Supertext.Api "
      }
    ]
  }

In the startup of the .NET core application following Autofac ContainerBuilder extensions must be called:

public void ConfigureContainer(ContainerBuilder builder)
{
    builder.RegisterModule<NetModule>();  // register NetModule
    builder.RegisterIdentityAndApiResourceDefinitions(Configuration); // register Identity configuration
}

The passed Configuration should contain SomeSecretName with the secret. At Supertext we populate this property from a key vault for example.

Be aware: the current TokenProvider implementation doesn’t handle “error_description”: “Sub not found”. In case of an error RequestClientCredentialsTokenAsync throws an exception.



«
»

Ähnliche Beiträge

Leave a Reply

Your email address will not be published. Required fields are marked *



*