Authorization code grant - HxGN EAM - 12.0.1 - Feature Briefs - Hexagon

HxGN EAM OpenID Connect

  1. Obtain the authorization end point from the well-known configuration end point. See the "Configuring HxGN EAM application with OpenID Connect details" section to find the details about accessing the well-known configuration end point.

  2. For ADFS, create the client as a Public Client. For OKTA and Azure AD, a confidential client works. See the previous sections for the configuration details.

  3. Construct the authorization URL as follows.

    <authorization_endpoint>?response_type=code&response_mode=query&client_id=<client-identifier>&redirect_uri=<encoded-redirect-url>&scope=openid&state=<random-state>

    • authorization_endpoint should be replaced with the URL obtained from the previous step.

    • client-identifier should be replaced with the value of the client identifier while registering the OpenID Connect client. See the "Configuring HxGN EAM application with OpenID Connect details of AD FS/Azure/Okta" sections for details.

    • encoded-redirect-url should be replaced with encoded redirect URL provided while registering the OpenID Connect client. See the "Configuring HxGN EAM application with OpenID Connect details of AD FS/Azure/Okta" sections for details about the redirect URL. Use any appropriate tools for encoding the URL.

    • random-state should be replaced with a unique random string for each request.

  4. Access the constructed URL from a browser. You will be prompted for user ID and password details. After providing the details, click the Sign In button. Upon successful validation of the details, the authorization code is generated and the request is redirected to the redirect URL. The code will be part of the query string because the request used response_mode=query.

  5. Copy the value of the query string parameter code.

  6. Using the Postman application, create a POST request to the token end point obtained from the well-known configuration end point (see the Password grant section for details) with the following parameters added to the Body of the request. Select x-www-form-urlencoded.

    • client_id, whose value will be the OpenID Connect Client Identifier.

    • client_secret, whose value will be the Client Secret. This parameter should not be used for ADFS as the client used will be a public client which doesn't have a password.

    • scope, whose value will be openid. For Azure AD, this will be openid profile. There is a space between openid and profile.

    • redirect_uri, whose value will be the redirect URL provided while registering the OpenID Connect Client.

    • grant_type, whose value will be authorization_code.

    • code, whose value will be the authorization code copied in the previous step.

  7. On successful validation, you will receive a JSON response which contains the id_token.
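
Steps 3 to 6 above as a script, added here as an example and not part of the HxGN EAM documentation: it builds the authorization URL with an encoded redirect URL and a fresh state, reads the code from the redirected URL, and builds the form body for the token request. The function names and the example.com values are assumptions constructed for illustration, and the comparison of the returned state with the one sent goes beyond what the steps describe.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

def build_authorization_url(authorization_endpoint, client_id, redirect_uri, scope="openid"):
    """Step 3: return (url, state); urlencode percent-encodes the redirect URL."""
    state = secrets.token_urlsafe(32)  # unique, unguessable value per request
    query = urlencode({
        "response_type": "code", "response_mode": "query",
        "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": scope, "state": state,
    })
    return f"{authorization_endpoint}?{query}", state

def extract_code(redirected_url, expected_state):
    """Steps 4-5: accept the code only if the state matches the one we sent."""
    params = parse_qs(urlsplit(redirected_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "code" not in params:
        raise ValueError("no code parameter in redirect")
    return params["code"][0]

def build_token_request_body(client_id, code, redirect_uri, scope="openid", client_secret=None):
    """Step 6: x-www-form-urlencoded body for the POST to the token end point."""
    fields = {
        "client_id": client_id, "scope": scope, "redirect_uri": redirect_uri,
        "grant_type": "authorization_code", "code": code,
    }
    if client_secret is not None:  # leave as None for the ADFS public client
        fields["client_secret"] = client_secret
    return urlencode(fields)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    endpoint = "https://idp.example.com/oauth2/authorize"
    redirect = "https://eam.example.com/callback"
    url, state = build_authorization_url(endpoint, "eam-client", redirect)
    print(url)
    code = extract_code(f"{redirect}?code=SAMPLE-CODE&state={state}", state)
    print(build_token_request_body("eam-client", code, redirect))
```
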