Authorization Code Grant
In the Authorization Code Grant flow, your client integration obtains consent from an individual to perform actions on their behalf, then receives an authorization code that can be exchanged for an access token, which is required to make API calls.
Prerequisites
To obtain an access token with Authorization Code Grant, you must meet the following prerequisites:
- Integration Key / Client Id: An integration key identifies your integration and links to its configuration values.
- Secret Key: A secret key is a value that is stored securely on your web server and shared only between your web server and the Corecon platform.
- Redirect URI: The redirect URI is the URI (URL) to which Corecon will redirect the browser after authentication and client approval.
Steps to get access token
Redirect the browser to the following URL to obtain an authorization code:
Endpoint_URL/Authorization?response_type=code&scopes=Scope&state=State&client_id=ClientID&redirect_uri=RedirectUrl
Where:
- Endpoint_URL is the Corecon authorization API URL.
- Scope is one or more authorization scopes (add, read, edit). The scope sequence must be one of:
  - add
  - read
  - edit
  - add,read
  - read,edit
  - add,read,edit
- State is an opaque value your application generates for this request, e.g. wqcorcf-#$%HY5; it is returned unchanged together with the authorization code.
- ClientID is the access client code, e.g. f28d637d-XXXXX-7f27-XXXX-889b529c2bf1.
- RedirectUrl is the URL of your client application, e.g. https://mycustomdomain.com/callback. When testing this can also be your local environment, e.g. http://localhost:4200/callback.
A complete sample URL:
Endpoint_URL/Authorization?response_type=code&scopes=add,read,edit&state=state1&client_id=9d1XXXXX-2822-XXXXX-3734-cf5bXXXXXed0&redirect_uri=http://localhost:4200/callback
The user is presented with a prompt asking them to confirm that your application may access the API on their behalf.
The user clicks the Allow or Deny button.
The user is then redirected to your Redirect URL with the authorization code and state. The URL has the following structure:
Redirect_URI?code=Authorization_Code&state=State
To obtain an access token, make an HTTP POST call to the token API endpoint with the code, state, redirect_uri and "authorization_code" as grant_type, as in the sample code below:
// Usings this controller action needs (Newtonsoft.Json for JObject, ASP.NET Core MVC for IActionResult/View)
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;

// client_id and secret_key are the integration key and secret key from the prerequisites,
// held by the controller; ConstantValue.BaseAddress is the token API base URL.
public async Task<IActionResult> GetAccessToken(string code, string state)
{
    // Before exchanging the code, compare the returned state with the one sent in the
    // authorization URL and stop if they differ.
    // Client authentication for the token endpoint: HTTP Basic with client_id:secret_key.
    byte[] plainTextBytes = System.Text.Encoding.UTF8.GetBytes(client_id + ":" + secret_key);
    string key = System.Convert.ToBase64String(plainTextBytes);
    HttpClient _client = new HttpClient
    {
        BaseAddress = new Uri(ConstantValue.BaseAddress + "token")
    };
    _client.DefaultRequestHeaders.Accept.Clear();
    _client.DefaultRequestHeaders.Add("authorization", "Basic " + key);
    _client.DefaultRequestHeaders.Add("Access-Control-Allow-Origin", "*");
    _client.DefaultRequestHeaders.Add("No-Auth", "true");
    _client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded"));
    HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Post, ConstantValue.BaseAddress + "token")
    {
        // Form-encoded body carrying the authorization_code grant parameters
        Content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "authorization_code" },
            { "redirect_uri", ConstantValue.redirect_uri },
            { "code", code },
            { "state", state }
        })
    };
    HttpResponseMessage response = await _client.SendAsync(requestMessage);
    if (response.IsSuccessStatusCode)
    {
        // Read the JSON token response asynchronously (no blocking .Result)
        string responseString = await response.Content.ReadAsStringAsync();
        dynamic tokenInfo = JObject.Parse(responseString);
        Token token = new Token
        {
            AccessToken = tokenInfo.access_token,
            ExpiresIn = tokenInfo.expires_in,
            RefreshToken = tokenInfo.refresh_token,
            TokenType = tokenInfo.token_type
        };
        TempData["Token"] = token;
        return View(token);
    }
    else
    {
        return View();
    }
}
The API response takes the following form:
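The whole Authorization Code Grant flow described above, as an added Python example that is not the page's own C# code: it builds the authorization URL with the page's parameter names and allowed scope sequences, generates the state value and verifies it when the browser comes back to the redirect URI, composes the token POST with the same Basic header the C# sample computes, and reads the fields the page's Token class copies out of the response. The endpoint host is a placeholder (the page only writes Endpoint_URL and ConstantValue.BaseAddress), and the callback URL and JSON response in the usage are constructed; only the standard library is used and nothing is sent over the network.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder: the page never gives a concrete host for Endpoint_URL / ConstantValue.BaseAddress.
ENDPOINT_URL = "https://AUTH_ENDPOINT_PLACEHOLDER"
TOKEN_URL = ENDPOINT_URL + "/token"

# The scope sequences the page lists as allowed.
ALLOWED_SCOPES = {"add", "read", "edit", "add,read", "read,edit", "add,read,edit"}


def new_state() -> str:
    """Unguessable per-request state; the client stores it and checks it on callback."""
    return secrets.token_urlsafe(24)


def build_authorization_url(client_id: str, redirect_uri: str, scopes: str, state: str) -> str:
    """Step 1: the URL the browser is redirected to (parameter names and order as on the page)."""
    if scopes not in ALLOWED_SCOPES:
        raise ValueError(f"scope sequence not allowed: {scopes!r}")
    query = urlencode({
        "response_type": "code",
        "scopes": scopes,
        "state": state,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
    }, safe=",")  # keep the comma-separated scope list readable, as in the page's sample URL
    return f"{ENDPOINT_URL}/Authorization?{query}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: the browser returns to Redirect_URI?code=...&state=...; the code is only
    accepted when the state matches the one this client issued."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this client session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def basic_auth_header(client_id: str, secret_key: str) -> str:
    """Same value the page's C# computes: base64(client_id + ':' + secret_key)."""
    raw = f"{client_id}:{secret_key}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id: str, secret_key: str, code: str, state: str, redirect_uri: str) -> tuple:
    """Step 3: POST to the token endpoint with grant_type=authorization_code.
    Returns (url, headers, form_body) so the caller can send it with any HTTP client."""
    headers = {
        "Authorization": basic_auth_header(client_id, secret_key),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,
        "code": code,
        "state": state,
    }, safe=",")
    return TOKEN_URL, headers, body


def parse_token_response(response_text: str) -> dict:
    """Reads the fields the page's Token class takes from the JSON response;
    refresh_token is optional, the other three must be present."""
    data = json.loads(response_text)
    missing = [k for k in ("access_token", "expires_in", "token_type") if k not in data]
    if missing:
        raise ValueError(f"token response missing {missing}")
    return {
        "access_token": data["access_token"],
        "expires_in": int(data["expires_in"]),
        "refresh_token": data.get("refresh_token"),
        "token_type": data["token_type"],
    }


if __name__ == "__main__":
    state = new_state()
    print(build_authorization_url("CLIENT_ID_PLACEHOLDER", "http://localhost:4200/callback", "add,read,edit", state))
    # Constructed callback URL, as the browser would return it after the user clicks Allow
    code = parse_callback(f"http://localhost:4200/callback?code=CONSTRUCTED_CODE&state={state}", state)
    url, headers, body = build_token_request("CLIENT_ID_PLACEHOLDER", "SECRET_PLACEHOLDER", code, state,
                                             "http://localhost:4200/callback")
    print(url, headers, body)
    # Constructed response body with the fields the Token class reads
    print(parse_token_response('{"access_token": "at", "expires_in": 3600, '
                               '"refresh_token": "rt", "token_type": "Bearer"}'))
```

The state check in parse_callback is the step the page's C# sample leaves to the caller: a callback whose state was not issued by this session is rejected before any code is exchanged.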
Resource Owner Credentials
Steps to get access token
To obtain an access token, make an HTTP POST call to the token API endpoint with username, password, scopes and "password" as grant_type, as in the sample code below:
// Usings this controller action needs (Newtonsoft.Json for JObject, ASP.NET Core MVC for IActionResult/View)
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;

// CredModel carries the client ID, secret key, user name, password and scopes posted by the form.
public async Task<IActionResult> Index(CredModel credModel)
{
    // Client authentication for the token endpoint: HTTP Basic with ClientID:SecretCode
    byte[] plainTextBytes = Encoding.UTF8.GetBytes(credModel.ClientID + ":" + credModel.SecretCode);
    string key = System.Convert.ToBase64String(plainTextBytes);
    HttpClient _client = new HttpClient
    {
        BaseAddress = new Uri(ConstantValue.BaseAddress + "token")
    };
    _client.DefaultRequestHeaders.Accept.Clear();
    _client.DefaultRequestHeaders.Add("authorization", "Basic " + key);
    _client.DefaultRequestHeaders.Add("Access-Control-Allow-Origin", "*");
    _client.DefaultRequestHeaders.Add("No-Auth", "true");
    _client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded"));
    HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Post, ConstantValue.BaseAddress + "token")
    {
        // Form-encoded body carrying the password grant parameters
        Content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "password" },
            { "username", credModel.UserName },
            { "password", credModel.Password },
            { "scope", credModel.Scopes }
        })
    };
    HttpResponseMessage response = await _client.SendAsync(requestMessage);
    if (response.IsSuccessStatusCode)
    {
        // Read the JSON token response asynchronously (no blocking .Result)
        string responseString = await response.Content.ReadAsStringAsync();
        dynamic tokenInfo = JObject.Parse(responseString);
        Token token = new Token
        {
            AccessToken = tokenInfo.access_token,
            ExpiresIn = tokenInfo.expires_in,
            RefreshToken = tokenInfo.refresh_token,
            TokenType = tokenInfo.token_type
        };
        return View(token);
    }
    else
    {
        return View("Index", "Home");
    }
}
The API response takes the following form:
Client Credentials
Steps to get access token
To obtain an access token, make an HTTP POST call to the token API endpoint with the client ID and secret key (sent as HTTP Basic authorization), scopes and "client_credentials" as grant_type, as in the sample code below:
// Usings this controller action needs (Newtonsoft.Json for JObject, ASP.NET Core MVC for IActionResult/View)
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;

// CredModel carries the client ID, secret key and scopes; no user credentials are involved in this grant.
public async Task<IActionResult> Index(CredModel credModel)
{
    // Client authentication for the token endpoint: HTTP Basic with ClientID:SecretCode
    byte[] plainTextBytes = Encoding.UTF8.GetBytes(credModel.ClientID + ":" + credModel.SecretCode);
    string key = System.Convert.ToBase64String(plainTextBytes);
    HttpClient _client = new HttpClient
    {
        BaseAddress = new Uri(ConstantValue.BaseAddress + "token")
    };
    _client.DefaultRequestHeaders.Accept.Clear();
    _client.DefaultRequestHeaders.Add("authorization", "Basic " + key);
    _client.DefaultRequestHeaders.Add("Access-Control-Allow-Origin", "*");
    _client.DefaultRequestHeaders.Add("No-Auth", "true");
    _client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/x-www-form-urlencoded"));
    HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Post, ConstantValue.BaseAddress + "token")
    {
        // Form-encoded body carrying the client_credentials grant parameters
        Content = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "client_credentials" },
            { "scope", credModel.Scopes }
        })
    };
    HttpResponseMessage response = await _client.SendAsync(requestMessage);
    if (response.IsSuccessStatusCode)
    {
        // Read the JSON token response asynchronously (no blocking .Result)
        string responseString = await response.Content.ReadAsStringAsync();
        dynamic tokenInfo = JObject.Parse(responseString);
        Token token = new Token
        {
            AccessToken = tokenInfo.access_token,
            ExpiresIn = tokenInfo.expires_in,
            RefreshToken = tokenInfo.refresh_token,
            TokenType = tokenInfo.token_type
        };
        return View(token);
    }
    else
    {
        return View("Index", "Home");
    }
}
The API response takes the following form:
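The Resource Owner Credentials and Client Credentials requests from the two sections above, as an added Python example that is not the page's C# code: both grants send the same Basic header and form-encoded body the C# samples build, and a small cache keeps a client-credentials token and requests a new one shortly before its expires_in value runs out, which the page's samples do not show. The token URL is a placeholder for ConstantValue.BaseAddress + "token", and the fetch function in the usage is a constructed stand-in for the real HTTP call.

```python
import base64
import time
from urllib.parse import urlencode

# Placeholder for ConstantValue.BaseAddress + "token"; the page gives no concrete host.
TOKEN_URL = "https://TOKEN_ENDPOINT_PLACEHOLDER/token"


def basic_auth_header(client_id: str, secret_key: str) -> str:
    """Same value as the C# samples: base64(ClientID + ':' + SecretCode)."""
    raw = f"{client_id}:{secret_key}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _token_request(client_id: str, secret_key: str, form: dict) -> tuple:
    """Common shape of every token call: POST, Basic client auth, form-encoded body."""
    headers = {
        "Authorization": basic_auth_header(client_id, secret_key),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return TOKEN_URL, headers, urlencode(form, safe=",")


def password_grant_request(client_id, secret_key, username, password, scopes):
    """Resource Owner Credentials: the user's own username and password go in the body."""
    return _token_request(client_id, secret_key, {
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scopes,
    })


def client_credentials_request(client_id, secret_key, scopes):
    """Client Credentials: no user involved, only the client's Basic auth and the scope."""
    return _token_request(client_id, secret_key, {
        "grant_type": "client_credentials",
        "scope": scopes,
    })


class TokenCache:
    """Holds one client-credentials token and re-requests it margin_seconds before
    expires_in runs out, so API calls reuse the token instead of hitting the token
    endpoint every time."""

    def __init__(self, fetch, margin_seconds=60, clock=time.time):
        self._fetch = fetch           # callable returning the parsed token JSON as a dict
        self._margin = margin_seconds
        self._clock = clock           # injectable for testing
        self._token = None
        self._expires_at = 0.0
        self.fetch_count = 0

    def access_token(self) -> str:
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._margin:
            data = self._fetch()
            self._token = data["access_token"]
            self._expires_at = now + int(data["expires_in"])
            self.fetch_count += 1
        return self._token


if __name__ == "__main__":
    # Constructed stand-in for the HTTP call, returning the fields the page's Token class reads
    def fake_fetch():
        return {"access_token": "CONSTRUCTED_TOKEN", "expires_in": 3600,
                "refresh_token": None, "token_type": "Bearer"}

    url, headers, body = client_credentials_request("CLIENT_ID_PLACEHOLDER", "SECRET_PLACEHOLDER", "add,read")
    print(url, headers["Authorization"], body)
    cache = TokenCache(fake_fetch)
    print(cache.access_token(), cache.access_token(), cache.fetch_count)  # second call reuses the token
```

In a real service the fetch callable would POST the tuple returned by client_credentials_request and pass the parsed JSON back; the cache itself never sees the secret key.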