Generating a token (retired) - HxGN SDx - HxGN SDx - Reference - Hexagon

This functionality was removed in Update 23.

The following example uses the Postman REST client to make a call to the Intergraph Authorization Server that responds to a specific http POST request with the generated token. The OAuth client is named TestClient with a client secret of ABC123, and uses the Resource Owner OAuth flow, all of which have been configured in the Authorization server.

1. Open your REST client, such as Postman REST Client.

   Other REST clients are available, such as Fiddler, Advanced REST Client, or RESTClient.

2. Configure a new POST request to the following URL:

   http://[localhost]/[SPFConfigService]/SPFAuthentication/oauth/connect/token

3. Click the Body tab, select the format x-www-form-urlencoded, and configure the values that are sent with the request to generate the OAuth token.

   The following image shows the example values added to the request body for SmartPlant Foundation version 2016 (6.0):

   

   The following image shows the example values added to the request body for SmartPlant Foundation version 2016 R1, and later versions:

   

   From SmartPlant Foundation version 2016 R1, the scope value must be set to ingr.api. Also an additional resource value must be set to identify the API being used. This value can be found in the id attribute in the HxGN SDx Application Server’s web.config file. For example, C:\Program Files (x86)\SDX\SPFServer\Web.config as follows:

   <intergraph.webApi>

   <security>

   <oauth issuer="http://localhost/SPFConfigService/SPFAuthentication/oauth" requiredScopes="ingr.api" />

   <cors allowedOrigins="*" allowedMethods="*" allowedHeaders="*" exposedHeaders="" allowCredentials="false" preflightMaxAge="600" />

   </security>

   <services baseUri="">

   <service prefix="api" id="EE9C5479-A52E-4D11-80AE-BFDDCE9A603F" secret="" instance="" />

   </services>

   </intergraph.webApi>

   This id attribute value changes when a different OAuth token provider is used, such as Smart API Manager.

4. Click Send to generate the response, which produces the token in JSON format. This specifies an access_token value, an expires_in value, and a token_type value, as shown in the following image:

   

   The token expires_in value can be configured to be longer or shorter depending on the client configuration of the Authorization server.

5. Select the access_token value (as shown in the previous image), and copy it for future reference.

   

   • Generating an OAuth token for a user at this point does not log in the user and no license is taken. The Authorization server simply ensures that any supplied credentials are correct and generates an OAuth token containing various settings known as OAuth claims.

   • The OAuth token is not encrypted and just base-64 encoded. The following example shows a decoded OAuth token and the values contained within the encoded string:

     {

     “client_id”: “TestClient”,

     “scope”: “SPF”,

     “sub”: “superuser”,

     “amr”: “password”,

     “auth_time”: 1489148304,

     “idp”: “idsrv”,

     “name”: “superuser”,

     “ClientHostName” : “SPFMachine”,

     “role”: “Admin”,

     “ingr.session_id”: “6800695efddf40d8977fbc4b765800d3”,

     “iss”: “http/localhost/spfconfigservice/spfauthentication/oauth”,

     “aud”: “http/localhost/spfconfigservice/spfauthentication/oauth/resources”,

     “exp”: “1489151904”,

     “nbf”: “1489148304”

     }

   A decoding utility for OAuth tokens and viewing the contents can be found at: htttps//jwt.io.