Show/Hide Toolbars

Thereforeâ„¢ Help

 

Authorization Code Grant

https://oauth.thereforeonline.com/OAuth/Authorize?tenant=<tenant_name>&client_id=<client_id>&redirect_uri=https%3A%2F%2Foauth2testclient.azurewebsites.net%2F&state=HrjWnIN_kte4ZheGPJWTBQ&scope=Therefore_User%20offline_access&response_type=code

 

Tenant

Therefore Tenant Name (mandatory)

 

client_id

Registered client id of the application

 

redirect_uri

State as define in OAuth spec

 

Scopes

Therefore_Read – read only access

Therefore_User – access with user permissions

offline_access – request a refresher token

 

response_type

State as defined in OAuth spec

 

 

Sample request to get the access token

 

POST https://oauth.thereforeonline.com/OAuth/Token?tenant=NTWare1

Authorization: Basic <hidden> → clientid:clientsecret

 

Body:

code=<auth_code>&redirect_uri=<redirect_uri>&grant_type=authorization_code

 

Response:

{

                "access_token": "<token>",

                "token_type": "bearer",

                "expires_in": 1199,

                "refresh_token": "<token>"

}

 

Sample Request a new access token with refresh token:

 

POST https://oauth.thereforeonline.com/OAuth/Token?tenant=NTWare1

Authorization: Basic <hidden> → clientid:clientsecret

 

Body:

refresh_token=<refresh_token>&grant_type=refresh_token

 

Response:

{

                "access_token": "<token>",

                "token_type": "bearer",

                "expires_in": 1199,

                "refresh_token": "<token>"

}

 

The issued OAuth token can then be used as Bearer Token (in Auth Header) for all Web API Requests. In Thereforeâ„¢, OAuth must be enabled and the client must be added as a valid client:

SD_T_AuthMeth_AdminTasks_OAuth_001

If the client application is not added here, the connection will fail even if the token is generally valid. This is also an easy way to revoke access to Thereforeâ„¢ for a specific application.

 

OAuth-generated tokens can be used to authenticate users for Thereforeâ„¢ in the Thereforeâ„¢ Web Client, Portal, API, WebAPI

 

Note

Note: for security reasons JWT/OAuth Tokens must only be used with SSL (https://).

Web Client, Portal: add a new query parameter ssoToken=<token> to any initial request to the Web Client or Portal.

 

Example (Web Client):

https://<server>/TWA/Client/Web/Viewer/Viewer.aspx?docno=349738&ssoToken=<token>

https://<server>/TWA/Portal/Portal.aspx?qNo=123&ssoToken=<token>

 

Example API:

string sToken = "<token>;

string sNodeInternal, sNodeFriendly;

TheServer s = new TheServer();

s.ConnectBearerToken(TheClientType.CustomApplication, sToken, "", "", "", true, TheConnectMode.NoLicenseMove, out sNodeInternal, out sNodeFriendly);