Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

After registering an OAuth application in EmpowerID, the next step for working with the API is to use the credentials generated for that application—which application – which consists of the API Key, the Client ID and the Client Secret—to Secret – to get an access token. The access token is what authorizes you to make API calls. The resources that can be manipulated vary, depending on the Access Levels associated with the application user. Access tokens can be issued as OAuth 2.0 tokens or JWT tokens. In this topic, we demonstrate getting an OAuth 2.0 token. 

Expand
titleToken Expiration Time

The default expiration time for JWT and access tokens is 3600 seconds. You can change this value in the Token Expiration (in seconds) field on the application. To do so:

  1. In On the Navigation Sidebarnavbar, expand Admin, then SSO Connections, and click OAuth.

  2. Open the Application Details for the application and click the Edit button.

  3. On the General tab, you can find the setting in the OAuth Application Details section.

How to get an access token

To get an access token, you need to make a POST request to https://<Your_EmpowerID_Web_Server>/oauth/v2/token with the following header and data value pairs:

Headers

Key

Value

X-EmpowerID-API-Key

The API key for the OAuth application you created.

Authorization

This is the Basic authentication scheme for the EmpowerID Person requesting the access token. To use this scheme, you set the value to the base-64 encoded value of the person's username and password. To get this value, you can visit one of many websites that provide this service, write your own code, or use a REST client like Postman.

Content-Type

application/json

Request Data

Request data is sent to the API in JSON format

Code Block
languagec#
{
  "client_id": "{The Client ID of the OAuth app you created above}",
  "client_secret": "{The Client Secret of the OAuth app you created above}",
  "redirect_uri": "{The Redirect URI of the OAuth app you created above}",
  "grant_type": "password"
}

Response

If the request is successful, you should receive a JSON response that looks similar to the following:

Code Block
{
   "access_token": "WER1RFdjUVF1OE52ekdWZjJIQjMzSHVqcERQT0p5c...aZW",
   "token_type": "Bearer",
   "expires_in": 3600,
   "refresh_token": "YnQrRHhuyYmNidzY3MTFSVnE1Q1BLN1RuZ1liOH...WQ==",
   "id_token": "null",
   "error": "",
   "error_description": "null"
}

Code Examples

Using the .NET Client Library

1. Initialize ClientSettings by passing the client_id, client_secret, redirect_uri, token_endpoint, authorization_endpoint, tokeninfo_endpoint and userinfo_endpoint. Also initialize a new RefreshOwnerPasswordGrant ResourceOwnerPasswordGrant by passing the clientSettings model.

Code Block
var clientSettings = new ClientSettings(
    “client_id”,
    “client_secret”,
    “redirect_uri”,
    “https://<EID Server>/oauth/v2/token”,
    “https://<EID Server>/oauth/v2/ui/authorize”);
             
 var handler = new ResourceOwnerPasswordGrant (clientSettings);

2. Call the GetAccessToken() method to retrieve the access_token  and refresh_token

Code Block
AccessTokenResponseModel responseModel = null;
try
{
    responseModel = handler.GetAccessToken<AccessTokenResponseModel>
        (RequestMethod.POST,
         ParameterFormat.Json,
         Username,
         Password);           
}
catch (Exception e)
{
     //Handle error
}
var accessToken = responseModel.AccessToken;
var refreshToken = responseModel.RefreshToken;

Note

When using cURL, be sure to use double quotes unless you are making the request from a non-Windows OS.

cURL

Code Block
curl "https://{FQDN_Of_Your_EmpowerID_Web_Server}/oauth/v2/token" \
-H "X-EmpowerID-API-Key: {Your_API_Key} \
-H "Authorization: Basic {base64_encoded_value_of_the_EmpowerID_Person_username_and_password}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password&client_id={Your_Client_ID}&client_secret={Your_Client_Secret}&redirect_uri=
https://{FQDN_Of_Your_EmpowerID_Web_Server}/webidpforms/oauth/v2"

Ajax

Code Block
languagejs
var auth = btoa("EmpowerID_Person_Username:EmpowerID_Person_Password")
$.ajax({
  url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/oauth/v2/token",
  type: "POST",

  headers: {
  
 "X-EmpowerID-API-Key": "1a9e18d5-7ec8-4214-b4e7-23b550c9c6ba",
    "Content-Type": "application/json",
    "Authorization": "Basic " + auth    
  },

  data: JSON.stringify({
  "client_id": "Your_Client_ID", 
  "client_secret": "Your_Client_Secret", 
  "redirect_uri": "https://{FQDN_Of_Your_EmpowerID_Web_Server}/webidpforms/oauth/v2",  
  "grant_type": "password"
  })
});

Postman Example

  1. Open the Postman app on your machine.

  2. In Postman, open a new tab, select POST as the HTTP method and enter https://{FQDN_Of_Your_EmpowerID_Web_Server}/oauth/v2/token.


  3. Click Select the Headers tab add Headers tab add the above mentioned key/value pairs.

  4. Click Select the Body tab, select click raw and then add the below JSON:

    Code Block
    { 
       "client_id": "{Your_Client_ID}", 
       "client_secret": "{Your_Client_Secret}",
       "redirect_uri": "https://{FQDN_Of_Your_EmpowerID_Web_Server}/webidpforms/oauth/v2",
         "grant_type": "password" 
    }

  5. Click Send.

    If the request is successful, you should receive a JSON response with the access token and refresh token.

    Image Removed

Next Steps

Call the API for EmpowerID Person Objects
  1. Image Added

Div
stylefloat: left; position: fixed;

IN THIS ARTICLE

Table of Contents
maxLevel4
minLevel2
stylenone

Insert excerpt
IL:External Stylesheet
IL:External Stylesheet
nopaneltrue