Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Implicit Grant is used to grant access tokens to applications in the authorization response.

Tip

You can download sample .NET framework code at https://dl1.empowerid.com/files/OAuthTestSampleCode.zip

Implicit Grant

1. Initiate a login request to the EmpowerID Authorization endpoint, https://<EID Server>/oauth/v2/ui/authorize

Code Block
https://<EID Server>/oauth/v2/ui/authorize
?client_id=xxxxxxxxxxxxxxxxxx
 &redirect_uri=https%3A%2F%2Ftestoauthapp.com%2FcallbackUrl
 &response_type=token id_token
 &state=xxxxxxxxxxxxxxxxxx
 &nonce=xxxxxxxxxxxxxxxxxx

Post Body Parameter

Required/Optional

Description

client_id 

required

Must be the EmpowerID OAuth application client identifier.

redirect_uri

required

Client endpoint to which the authorization server should redirect after request approval.

response_type

required

Must be token to initiate authorization code flow. For OpenID connect use token id_token as response type

scope

required for OpenID Connect

Include scope=id_token for OpenID Connect flow.

state

required

Random string value sent by the client to maintain session and prevent CSR attacks

nonce

required

Random string value sent by the client to uniquely identify each request

2. Authenticate using either EmpowerID credentials or any of the allowed external identity providers.

3. Authorization server redirects to the redirect_uri with the response parameters in the fragment part of URL.

Code Block
redirect_uri
#access_token=xxxxxxxxxxxxxxxxxx
 &state=xxxxxxxxxxxxxxxxxx
 &token_type=Bearer
 &expires_in=3600
 &id_token= xxxxxxxxxxxxxxxxxx

Implicit Grant using .NET Client Library

1. Initialize ClientSettings by passing the client_id, client_secret, redirect_uri, token_endpoint, authorization_endpoint, tokeninfo_endpoint and userinfo_endpoint. Also initialize a new ImplicitGrant by passing the clientSettings model.

Code Block
var clientSettings = new ClientSettings(
	“client_id”,
	“client_secret”,
	“redirect_uri”,
	“https://<EID Server>/oauth/v2/token”,
	“https://<EID Server>/oauth/v2/ui/authorize”,
	“https://<EID Server>/oauth/v2/tokeninfo”,
	“https://<EID Server>/oauth/v2/userinfo”);
			
 var handler = new ImplicitGrant(clientSettings);

2. Call the BuildAuthorizationRequestPacket() method to to build the fully qualified URL to redirect for authentication.

Code Block
//Generate random nonce and state
var nonce = Guid.NewGuid().ToString("N");
       var state = Guid.NewGuid().ToString("N");

       //Use the below commented code for "code" flow to build parameters
       var parameters = handler.BuildAuthorizationRequestPacket
(ParameterFormat.FormUrlEncoded, state, null, nonce, null);
       
       //Use the below commented code for "code id_token" flow to build parameters
       //var responseTypes = new List<ResponseType> { ResponseType.id_token };
//var parameters = handler.BuildAuthorizationRequestPacket      
//(ParameterFormat.FormUrlEncoded, state, "openid", nonce, responseTypes);

//Generate redirect URL
var redirectUrl = string.Format("{0}?{1}", clientSettings.AuthorizeUrl, parameters);

3. In the application Callback URL() method, extract the access_token, id_token , etc., from the fragment part of the redirect URL.

Div
stylefloat: left; position: fixed;

IN THIS ARTICLE

Table of Contents
minLevel2
maxLevel4
stylenone

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue