Skip to end of banner
Go to start of banner

OAuth 2.0 Resource Owner Password Grant

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

This topic describes how to consume the EmpowerID REST API with the different OAuth 2.0 flows. Please note that before you can use the framework with your application, you must register that application in EmpowerID. This generates an API Key, Client Secret and Client ID for your application.

You can download sample .NET framework code at https://dl1.empowerid.com/files/OAuthTestSamplecode.zip

OAuth Discovery Endpoint

https://<EID Server>/oauth/.well-know/openid-configuration

Resource Owner Password Grant

1. Initiate a request to the EmpowerID Token endpoint, https://<EID Server>/oauth/v2/token

POST /oauth/v2/token HTTP/1.1
Host: <EID Server>
Content-Type: application/x-www-form-urlencoded
Authorization: Basic base64Encode(<username>:<password>)
Cache-Control: no-cache
 
client_id={The Client ID of the OAuth app you registered in EmpowerID}
&client_secret={The Client Secret of the OAuth app you registered in EmpowerID}
&grant_type=password
&scope=openid

Header Parameter

Required/Optional

Description

Authorization

required

Base64 encoded value of the username and password of the EmpowerID Person requesting the token base64Encode(<username>:<password>)

Content-Type

required

Must be application/x-www-form-urlencoded.

POST Body Parameter

Required/Optional

Description

client_id 

required

Must be the EmpowerID OAuth application client identifier.

client_secret

required

Must be the EmpowerID OAuth application client secret.

grant_type

required

Must be password

scope

required

A space-separated list of strings that the user consents to. Values include openid for OpenID Connect flow.

2. Returns access token and refresh token (optionally ID token) in the response

{
    "access_token": "xxxxxxxxxxxxxxxxxxxxxx",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "xxxxxxxxxxxxxxxxxxxxxx",
    "id_token": "xxxxxxxxxxxxxxxxxxxxxx",
    "id": "xxxxxxxxxxxxxxxxxxxxxx"
}

Resource Owner Password Grant using .NET Client Library

1. Initialize ClientSettings by passing the client_id, client_secret, redirect_uri, token_endpoint, authorization_endpoint, tokeninfo_endpoint and userinfo_endpoint. Also initialize a new ResourceOwnerPasswordGrant by passing the clientSettings model.

var clientSettings = new ClientSettings(
    “client_id”,
    “client_secret”,
    “redirect_uri”,
    “https://<EID Server>/oauth/v2/token”,
    “https://<EID Server>/oauth/v2/ui/authorize”,
    “https:///<EID Server>/oauth/v2/tokeninfo”,
    “https:///<EID Server>/oauth/v2/userinfo”);
             
 var handler = new ResourceOwnerPasswordGrant(clientSettings);

2. Call the GetAccessToken() method to retrieve the access_tokenrefresh_token, and other token related information.

AccessTokenResponseModel responseModel = null;
try
{
     responseModel = handler.GetAccessToken<AccessTokenResponseModel>
        (RequestMethod.POST,
        ParameterFormat.FormUrlEncoded,
        “username”,
        “password”,
        “openid”);
}
catch (Exception e)
{
     //Handle error
}

  • No labels