OAuth with Thereforeâ„¢ |
Scroll |
Authorization Code Grant https://oauth.thereforeonline.com/OAuth/Authorize?tenant=<tenant_name>&client_id=<client_id>&redirect_uri=https%3A%2F%2Foauth2testclient.azurewebsites.net%2F&state=HrjWnIN_kte4ZheGPJWTBQ&scope=Therefore_User%20offline_access&response_type=code
Tenant Therefore Tenant Name (mandatory)
client_id Registered client id of the application
redirect_uri State as define in OAuth spec
Scopes •Therefore_Read – read only access •Therefore_User – access with user permissions •offline_access – request a refresher token
response_type State as defined in OAuth spec
Sample request to get the access token
POST https://oauth.thereforeonline.com/OAuth/Token?tenant=NTWare1 Authorization: Basic <hidden> → clientid:clientsecret
Body: code=<auth_code>&redirect_uri=<redirect_uri>&grant_type=authorization_code
Response: { Â "access_token": "<token>", Â "token_type": "bearer", Â "expires_in": 1199, Â "refresh_token": "<token>" }
Sample Request a new access token with refresh token:
POST https://oauth.thereforeonline.com/OAuth/Token?tenant=NTWare1 Authorization: Basic <hidden> → clientid:clientsecret
Body: refresh_token=<refresh_token>&grant_type=refresh_token
Response: { Â "access_token": "<token>", Â "token_type": "bearer", Â "expires_in": 1199, Â "refresh_token": "<token>" }
The issued OAuth token can then be used as Bearer Token (in Auth Header) for all Web API Requests. In Thereforeâ„¢, OAuth must be enabled and the client must be added as a valid client: If the client application is not added here, the connection will fail even if the token is generally valid. This is also an easy way to revoke access to Thereforeâ„¢ for a specific application.
OAuth-generated tokens can be used to authenticate users for Thereforeâ„¢ in the Thereforeâ„¢ Web Client, Portal, API, WebAPI
Example (Web Client): https://<server>/TWA/Client/Web/Viewer/Viewer.aspx?docno=349738&ssoToken=<token> https://<server>/TWA/Portal/Portal.aspx?qNo=123&ssoToken=<token>
Example API: string sToken = "<token>; string sNodeInternal, sNodeFriendly; TheServer s = new TheServer(); s.ConnectBearerToken(TheClientType.CustomApplication, sToken, "", "", "", true, TheConnectMode.NoLicenseMove, out sNodeInternal, out sNodeFriendly);
|
---|