Use the grant type ‘delegation’ to retrieve an access token and to check whether an account needs to be created first.
Process
Authority is either https://staging.supertext.ch/person for the development environment or https://www.supertext.com/person for the production environment.
If a request fails, the Token Endpoint returns an error object containing an error and an error_description property. If the subject was not found, it returns HTTP status code 400 and an error object like the following:
    {
        "error": "invalid_request",
        "error_description": "Sub not found"
    }
Example implementation with C#
Taken from https://identitymodel.readthedocs.io/en/latest/client/token.html#requesting-a-token and adapted to Supertext. In this example, sub is passed as a parameter; it could be replaced with email.

    using System.Net.Http;
    using IdentityModel.Client;

    var client = new HttpClient();

    // "client", "secret" and "12345" are placeholder values.
    var response = await client.RequestTokenAsync(new TokenRequest
    {
        Address = "https://staging.supertext.ch/person/connect/token",
        GrantType = "delegation",
        ClientId = "client",
        ClientSecret = "secret",
        Parameters = { { "sub", "12345" } }
    });
Existing implementation with C# and Autofac
There is an existing implementation to retrieve the access token that can be found here:
https://github.com/Supertext/Supertext.Base/tree/develop/Supertext.Base.Net
Supertext.Base.Net.Http.TokenProvider can be used to retrieve the access token:
https://github.com/Supertext/Supertext.Base/blob/develop/Supertext.Base.Net/Http/TokenProvider.cs
IoC and configuration
Supertext.Base.Net is using Autofac as IoC container. There is a Module that registers the Supertext.Base.Net types.
https://github.com/Supertext/Supertext.Base/blob/develop/Supertext.Base.Net/NetModule.cs
The implementation also expects to find the following configuration:
    "Identity": {
        "Authority": "https://staging.supertext.ch/person",
        "ApiResourceDefinitions": [
            {
                "ClientId": "SampleApplication.Client",
                "ClientSecretName": "SomeSecretName",
                "Scope": " Supertext.Api "
            }
        ]
    }
In the startup of the .NET Core application, the following Autofac ContainerBuilder extensions must be called:
    public void ConfigureContainer(ContainerBuilder builder)
    {
        builder.RegisterModule<NetModule>(); // register NetModule
        builder.RegisterIdentityAndApiResourceDefinitions(Configuration); // register Identity configuration
    }
The passed Configuration should contain SomeSecretName with the secret. At Supertext, for example, we populate this property from a key vault.
Be aware: the current TokenProvider implementation doesn’t handle “error_description”: “Sub not found”. In case of an error, RequestClientCredentialsTokenAsync throws an exception.
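One way to handle the “Sub not found” case explicitly, so that a missing account is distinguished from every other token failure. This is an added example, not code from this page or from Supertext.Base; DelegationResult, DelegationTokenClient and IsSubNotFound are hypothetical names, and it assumes the IdentityModel package used in the C# example above.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel.Client;

// Hypothetical result type: either an access token, or a signal that the
// account has to be created before a token can be issued.
public sealed record DelegationResult(string? AccessToken, bool AccountCreationNeeded);

public static class DelegationTokenClient
{
    // Matches only the documented response: HTTP 400, error "invalid_request",
    // error_description "Sub not found". Kept separate so it can be tested offline.
    public static bool IsSubNotFound(HttpStatusCode status, string? error, string? description) =>
        status == HttpStatusCode.BadRequest
        && string.Equals(error, "invalid_request", StringComparison.Ordinal)
        && string.Equals(description, "Sub not found", StringComparison.Ordinal);

    public static async Task<DelegationResult> RequestAsync(
        HttpClient client, string authority, string clientId, string clientSecret, string sub)
    {
        var response = await client.RequestTokenAsync(new TokenRequest
        {
            Address = $"{authority.TrimEnd('/')}/connect/token",
            GrantType = "delegation",
            ClientId = clientId,
            ClientSecret = clientSecret, // load from a secret store, never hard-code
            Parameters = { { "sub", sub } }
        });

        if (!response.IsError)
            return new DelegationResult(response.AccessToken, AccountCreationNeeded: false);

        if (IsSubNotFound(response.HttpStatusCode, response.Error, response.ErrorDescription))
            return new DelegationResult(null, AccountCreationNeeded: true);

        // Any other failure (wrong client secret, transport error, other
        // invalid_request causes) must not be treated as "account missing".
        // The message carries only the error fields, never the secret.
        throw new InvalidOperationException(
            $"Token request failed: {response.Error} ({response.ErrorDescription})");
    }
}
```

Callers create the account only when AccountCreationNeeded is true and then repeat the request; all other errors surface as exceptions instead of silently triggering account creation.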