Latest revision as of 05:47, 31 January 2025
A common case is using AzureAD via OpenIdConnect for login - and then wanting to consume GraphAPI services.
In order to consume GraphAPI, you will need a short-lived Access_token.
To get a fresh Access_token, you will need a Refresh_token.
To get the Refresh_token, you must make a call to the token-endpoint with the short-lived code you get when you log in.
Turnkey will do all this for you and update the SysUserClaim object with a ClaimType access_token and refresh_token.
These will be fetched when you log in.
The access_token is short-lived - you should renew it prior to new operations.
Turnkey can renew it if you add and later call a Method on SysUser:
OpenIdConnectAccessTokenRefresh():String (TV: Eco.ExternalLateBound)
This will return an error or ok. If it is ok, the SysUserClaim object with a ClaimType access_token and refresh_token has been updated.
For this to work, you need to supply settings for OpenIdConnect.
- You must give the OpenID_TokenEndPoint, and OpenIDConnectScope must contain offline_access for AzureAD to issue a refresh_token.
- You should also set a value on SharedSecret in TurnkeySettings - this will be used to encrypt the temporary tokens stored in the database.
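
The renewal described above is the standard OAuth 2.0 refresh_token grant against the token endpoint. The sketch below is an added example, not Turnkey's own code: it builds the request body, refuses to proceed when offline_access is missing from the scope, and updates a claim store from the reply, returning ok or an error. The function names, the claims dictionary standing in for SysUserClaim, the User.Read scope and all token values are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlencode

def build_refresh_request(client_id, client_secret, refresh_token, scope):
    """Form body for the refresh_token grant (RFC 6749, section 6).
    It is POSTed to the configured token endpoint over TLS."""
    if "offline_access" not in scope.split():
        raise ValueError("scope lacks offline_access; no refresh_token is issued")
    return urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
        "scope": scope,
    })

def apply_token_response(claims, body, now=None):
    """Update the claim store from a token-endpoint reply; return 'ok' or an error."""
    now = time.time() if now is None else now
    reply = json.loads(body)
    if "error" in reply:
        # Stored tokens stay untouched; on invalid_grant the user must log in again.
        return "error: %s" % reply["error"]
    if "access_token" not in reply:
        return "error: reply has no access_token"
    claims["access_token"] = reply["access_token"]
    # The endpoint may rotate the refresh token; keep the old one if none is returned.
    claims["refresh_token"] = reply.get("refresh_token", claims.get("refresh_token"))
    claims["expires_at"] = now + int(reply.get("expires_in", 0))
    return "ok"

def needs_refresh(claims, now=None, skew=60):
    """True when the access token is missing or expires within `skew` seconds."""
    now = time.time() if now is None else now
    return "access_token" not in claims or claims.get("expires_at", 0) - skew <= now

# Constructed sample replies (field names per RFC 6749; token values are dummies).
OK_REPLY = json.dumps({"token_type": "Bearer", "expires_in": 3600,
                       "access_token": "AT-new", "refresh_token": "RT-new"})
ERR_REPLY = json.dumps({"error": "invalid_grant", "error_description": "expired"})

if __name__ == "__main__":
    claims = {"access_token": "AT-old", "refresh_token": "RT-old", "expires_at": 0}
    print(build_refresh_request("app-id", "app-secret", claims["refresh_token"],
                                "openid offline_access User.Read"))
    print(apply_token_response(claims, OK_REPLY), claims)
    print(apply_token_response(claims, ERR_REPLY), claims)
```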