OAuth 2.0 Implicit Grant
The Implicit Grant is used to grant access tokens to applications in the authorization response.
You can download sample .NET framework code at https://dl1.empowerid.com/files/OAuthTestSampleCode.zip
Implicit Grant
1. Initiate a login request to the EmpowerID Authorization endpoint, `https://<EID Server>/oauth/v2/ui/authorize`:

```
https://<EID Server>/oauth/v2/ui/authorize
  ?client_id=xxxxxxxxxxxxxxxxxx
  &redirect_uri=https%3A%2F%2Ftestoauthapp.com%2FcallbackUrl
  &response_type=token id_token
  &state=xxxxxxxxxxxxxxxxxx
  &nonce=xxxxxxxxxxxxxxxxxx
```
| Parameter | Required/Optional | Description |
|---|---|---|
| `client_id` | required | Must be the EmpowerID OAuth application client identifier. |
| `redirect_uri` | required | Client endpoint to which the authorization server should redirect after request approval. |
| `response_type` | required | Must be |
| | required for OpenID Connect | Include |
| `state` | required | Random string value sent by the client to maintain session and prevent CSRF attacks. |
| `nonce` | required | Random string value sent by the client to uniquely identify each request. |
2. Authenticate using either EmpowerID credentials or any of the allowed external identity providers.
3. The authorization server redirects to the `redirect_uri` with the response parameters in the fragment part of the URL:

```
redirect_uri
  #access_token=xxxxxxxxxxxxxxxxxx
  &state=xxxxxxxxxxxxxxxxxx
  &token_type=Bearer
  &expires_in=3600
  &id_token=xxxxxxxxxxxxxxxxxx
```
Implicit Grant using .NET Client Library
1. Initialize `ClientSettings` by passing the `client_id`, `client_secret`, `redirect_uri`, `token_endpoint`, `authorization_endpoint`, `tokeninfo_endpoint` and `userinfo_endpoint`. Also initialize a new `ImplicitGrant` by passing the `clientSettings` model.

```csharp
var clientSettings = new ClientSettings(
    "client_id",
    "client_secret",
    "redirect_uri",
    "https://<EID Server>/oauth/v2/token",
    "https://<EID Server>/oauth/v2/ui/authorize",
    "https://<EID Server>/oauth/v2/tokeninfo",
    "https://<EID Server>/oauth/v2/userinfo");
var handler = new ImplicitGrant(clientSettings);
```
2. Call the `BuildAuthorizationRequestPacket()` method to build the fully qualified URL to redirect to for authentication.

```csharp
// Generate a random nonce and state; keep both so the callback can be validated against them
var nonce = Guid.NewGuid().ToString("N");
var state = Guid.NewGuid().ToString("N");
// Build the request parameters for the implicit ("token") flow
var parameters = handler.BuildAuthorizationRequestPacket
    (ParameterFormat.FormUrlEncoded, state, null, nonce, null);
// Use the commented code below instead to build the parameters for the "code id_token" flow
//var responseTypes = new List<ResponseType> { ResponseType.id_token };
//var parameters = handler.BuildAuthorizationRequestPacket
//    (ParameterFormat.FormUrlEncoded, state, "openid", nonce, responseTypes);
// Generate the redirect URL
var redirectUrl = string.Format("{0}?{1}", clientSettings.AuthorizeUrl, parameters);
```
3. In the application's callback URL handler method, extract the `access_token`, `id_token`, etc., from the fragment part of the redirect URL.
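Because the fragment part of the redirect URL is handled by script in the client, the callback step above is shown here in JavaScript as an added example; it is not part of the EmpowerID client library, and the sample redirect, state, nonce and id_token values are constructed placeholders.

```javascript
// Added example, not part of the EmpowerID client library: parse the implicit-grant
// redirect fragment and check state and nonce before trusting the returned tokens.
function base64UrlDecode(s) {
  const padded = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - s.length % 4) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}
function base64UrlEncode(s) {
  return Buffer.from(s, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Parse "#access_token=...&state=..." from the redirect URL into a plain object.
function parseFragment(url) {
  const hash = url.indexOf('#');
  const params = {};
  if (hash < 0) return params;
  for (const pair of url.slice(hash + 1).split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const key = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    params[key] = eq < 0 ? '' : decodeURIComponent(pair.slice(eq + 1));
  }
  return params;
}

// Validate the callback against the state and nonce generated before the redirect.
// Returns { ok: true, accessToken, expiresIn, idTokenClaims } or { ok: false, error }.
function handleImplicitCallback(redirectUrl, expectedState, expectedNonce) {
  const p = parseFragment(redirectUrl);
  if (p.error) return { ok: false, error: 'authorization error: ' + p.error };
  if (!p.state || p.state !== expectedState) return { ok: false, error: 'state mismatch (possible CSRF)' };
  if (!p.access_token) return { ok: false, error: 'missing access_token' };
  if ((p.token_type || '').toLowerCase() !== 'bearer') return { ok: false, error: 'unexpected token_type' };
  let claims = null;
  if (p.id_token) {
    const parts = p.id_token.split('.');
    if (parts.length !== 3) return { ok: false, error: 'malformed id_token' };
    claims = JSON.parse(base64UrlDecode(parts[1]));
    // The signature is not verified here; check it against the issuer's keys before relying on claims.
    if (claims.nonce !== expectedNonce) return { ok: false, error: 'nonce mismatch (possible replay)' };
  }
  return { ok: true, accessToken: p.access_token, expiresIn: Number(p.expires_in), idTokenClaims: claims };
}

// Constructed sample callback with placeholder values (not a real EmpowerID response).
const SAMPLE_STATE = 'b1c2d3e4';
const SAMPLE_NONCE = 'f5a6b7c8';
const SAMPLE_ID_TOKEN = [base64UrlEncode('{"alg":"RS256","typ":"JWT"}'),
  base64UrlEncode(JSON.stringify({ sub: 'user1', nonce: SAMPLE_NONCE })), 'signature'].join('.');
const SAMPLE_REDIRECT = 'https://testoauthapp.com/callbackUrl#access_token=abc123&state=' + SAMPLE_STATE
  + '&token_type=Bearer&expires_in=3600&id_token=' + SAMPLE_ID_TOKEN;
```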