Skip to end of banner
Go to start of banner

Get an Access Token

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

After registering an OAuth application in EmpowerID, the next step for working with the API is to use the credentials generated for that application—which consists of the API Key, the Client ID and the Client Secret—to get an access token. The access token is what authorizes you to make API calls. The resources that can be manipulated vary, depending on the Access Levels associated with the application user. Access tokens can be issued as OAuth 2.0 tokens or JWT tokens. In this topic, we demonstrate getting an OAuth 2.0 token. 

 Token Expiration Time

The default expiration time for JWT and access tokens is 3600 seconds. You can change this value in the Token Expiration (in seconds) field on the application. To do so:

  1. In the Navigation Sidebar, expand Admin, then SSO Connections, and click OAuth.

  2. Open the Application Details for the application and click the Edit button.

  3. On the General tab, you can find the setting in the OAuth Application Details section.

How to get an access token

To get an access token, you need to make a POST request to https://<Your_EmpowerID_Web_Server>/oauth/v2/token with the following header and data value pairs:

Headers

Key

Value

X-EmpowerID-API-Key

The API key for the OAuth application you created.

Authorization

This is the Basic authentication scheme for the EmpowerID Person requesting the access token. To use this scheme, you set the value to the base-64 encoded value of the person's username and password. To get this value, you can visit one of many websites that provide this service, write your own code, or use a REST client like Postman.

Content-Type

application/json

Request Data

Request data is sent to the API in JSON format

{
  "client_id": "{The Client ID of the OAuth app you created above}",
  "client_secret": "{The Client Secret of the OAuth app you created above}",
  "redirect_uri": "{The Redirect URI of the OAuth app you created above}",
  "grant_type": "password"
}

Response

If the request is successful, you should receive a JSON response that looks similar to the following:

{
   "access_token": "WER1RFdjUVF1OE52ekdWZjJIQjMzSHVqcERQT0p5c...aZW",
   "token_type": "Bearer",
   "expires_in": 3600,
   "refresh_token": "YnQrRHhuyYmNidzY3MTFSVnE1Q1BLN1RuZ1liOH...WQ==",
   "id_token": "null",
   "error": "",
   "error_description": "null"
}


Code Examples

Using the .NET Client Library

1. Initialize ClientSettings by passing the client_id, client_secret, redirect_uri, token_endpoint, authorization_endpoint, tokeninfo_endpoint and userinfo_endpoint. Also initialize a new RefreshOwnerPasswordGrant by passing the clientSettings model.

var clientSettings = new ClientSettings(
    “client_id”,
    “client_secret”,
    “redirect_uri”,
    “https://<EID Server>/oauth/v2/token”,
    “https://<EID Server>/oauth/v2/ui/authorize”);
             
 var handler = new ResourceOwnerPasswordGrant (clientSettings);

2. Call the GetAccessToken() method to retrieve the access_token  and refresh_token

AccessTokenResponseModel responseModel = null;
try
{
    responseModel = handler.GetAccessToken<AccessTokenResponseModel>
        (RequestMethod.POST,
         ParameterFormat.Json,
         Username,
         Password);           
}
catch (Exception e)
{
     //Handle error
}
var accessToken = responseModel.AccessToken;
var refreshToken = responseModel.RefreshToken;

When using cURL, be sure to use double quotes unless you are making the request from a non-Windows OS.

cURL

curl "https://{FQDN_Of_Your_EmpowerID_Web_Server}/oauth/v2/token" \
-H "X-EmpowerID-API-Key: {Your_API_Key} \
-H "Authorization: Basic {base64_encoded_value_of_the_EmpowerID_Person_username_and_password}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password&client_id={Your_Client_ID}&client_secret={Your_Client_Secret}&redirect_uri=
https://{FQDN_Of_Your_EmpowerID_Web_Server}/webidpforms/oauth/v2"

Ajax

var auth = btoa("EmpowerID_Person_Username:EmpowerID_Person_Password")
$.ajax({
  url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/oauth/v2/token",
  type: "POST",

  headers: {
    "X-EmpowerID-API-Key": "1a9e18d5-7ec8-4214-b4e7-23b550c9c6ba",
    "Content-Type": "application/json",
    "Authorization": "Basic " + auth    
  },

  data: JSON.stringify({
  "client_id": "Your_Client_ID", 
  "client_secret": "Your_Client_Secret", 
  "redirect_uri": "https://{FQDN_Of_Your_EmpowerID_Web_Server}/webidpforms/oauth/v2",  
  "grant_type": "password"
  })
});

Postman Example

  1. Open the Postman app on your machine.

  2. In Postman, open a new tab, select POST as the HTTP method and enter https://{FQDN_Of_Your_EmpowerID_Web_Server}/oauth/v2/token.


  3. Click the Headers tab add the above mentioned key/value pairs.

  4. Click the Body tab, select raw and then add the below JSON:

    { 
   "client_id": "{Your_Client_ID}", 
   "client_secret": "{Your_Client_Secret}",
   "redirect_uri": "https://{FQDN_Of_Your_EmpowerID_Web_Server}/webidpforms/oauth/v2",  
   "grant_type": "password" 
}

  5. Click Send.

    If the request is successful, you should receive a JSON response with the access token and refresh token.

Next Steps

Call the API for EmpowerID Person Objects

IN THIS ARTICLE

  • No labels