OAuthAPI.RetrievePasswordTokenForNativeApp
Returns the OAuth service access token via user credentials (username/password) and client credentials (client_id/secret_id) to a Genero mobile app accessing a secure RESTful web service. A refresh token is also returned, which allows the access token to be refreshed when it expires.
Syntax
RetrievePasswordTokenForNativeApp(
   timeout INTEGER,
   TokenServiceURL STRING,
   username STRING,
   password STRING,
   client_id STRING,
   client_secret STRING,
   scope STRING)
  RETURNS OpenIdCResponseType
- timeout. Defines the timeout in seconds.
- TokenServiceURL. This is the token endpoint of the Identity Provider (IdP) securing the service.
- username. This is the user's login name.
- password. This is the user password.
- client_id. This is the application ID assigned to the app when registered.
- client_secret. This is the application secret created for the app.
- scope. This is a space-separated list of scopes defining user access.
Returns an OpenIdCResponseType record with the access token, refresh token, and access token expiration
date. NULL may be returned if the access token is not available.
Usage
Use this function to retrieve an access token from an Identity Provider (IdP) for a Genero mobile
app accessing a secure RESTful web service directly (not behind a Genero Application Server). The
process of getting the token is effectively the same as RetrievePasswordToken or
RetrieveServiceToken, except that here you must provide both the user credentials
(username/password) and client credentials (client_id and secret_id) as parameters in the call.
If the call is successful, an access token expiry date and a refresh token are returned in
addition to the access token, and all three are stored in an OpenIdCResponseType record.
Use this record in the call to InitNativeApp() to initiate the service.
The key benefit of using this function is to have the access token refreshed automatically when it expires, without the user having to restart the application. Not having to restart the app is possible because the refresh token is available to renew the access token as needed.
In case of error, a NULL value will be returned.
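The following Python sketch is an added example, not Genero or OAuthAPI code: it shows the OAuth 2.0 password and refresh-token requests (RFC 6749) that the parameters above map onto, and the expiry check that automatic refresh relies on. Sending the client credentials in HTTP Basic, the 30-second skew, the HTTPS check, and all function names and sample values are assumptions; the page does not state how OAuthAPI transmits them.

```python
import base64
import json
import time
from urllib.parse import quote_plus, urlencode, urlsplit


def _client_headers(token_url, client_id, client_secret):
    # User and client secrets are sent to this URL, so refuse anything but TLS.
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")
    # Assumption: client credentials go in HTTP Basic (RFC 6749 section 2.3.1).
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    return {"Authorization": "Basic " + base64.b64encode(pair).decode()}


def password_grant_request(token_url, username, password,
                           client_id, client_secret, scope=None):
    """Headers and form body for the initial token request (RFC 6749 4.3)."""
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope  # space-separated list, as in the scope parameter
    return _client_headers(token_url, client_id, client_secret), urlencode(form)


def refresh_grant_request(token_url, refresh_token, client_id, client_secret):
    """Headers and form body for renewing an expired token (RFC 6749 6)."""
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    return _client_headers(token_url, client_id, client_secret), urlencode(form)


def parse_token_response(body, now=None):
    """Return the token record, or None when no access token was issued."""
    data = json.loads(body)
    if "error" in data or not data.get("access_token"):
        return None
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "expires_at": now + int(data.get("expires_in", 0))}


def needs_refresh(record, now=None, skew=30):
    """True when the token is within `skew` seconds of expiry and renewable."""
    now = time.time() if now is None else now
    return record["refresh_token"] is not None and now >= record["expires_at"] - skew

# Constructed sample response, not captured from a real IdP.
SAMPLE_RESPONSE = ('{"access_token": "constructed-access", "token_type": "Bearer", '
                   '"expires_in": 300, "refresh_token": "constructed-refresh"}')
```

Both request builders put the secrets in the header and body only, never in the URL, so they stay out of proxy and server access logs that record request lines.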
OAuthAPI.RetrievePasswordTokenForNativeApp function
IMPORT FGL OAuthAPI

DEFINE metadata OAuthAPI.OpenIDMetadataType
DEFINE token, refresh STRING
DEFINE expire INTEGER
DEFINE usr, pass STRING
DEFINE client_id, secret_id STRING
DEFINE scope STRING
DEFINE idp_url STRING

MAIN
  # Enter the following information:
  LET idp_url=""   # The IdP's issuer URL
  LET usr=""       # A valid username
  LET pass=""      # Password for the above username
  LET client_id="" # The client ID of an application registered in the IdP
  LET secret_id="" # The client secret from the same application

  TRY
    CALL OAuthAPI.FetchOpenIDMetadata(5, idp_url)
      RETURNING metadata.*
    IF metadata.issuer IS NULL THEN
      DISPLAY "IdP not available"
      EXIT PROGRAM 1
    ELSE
      CALL OAuthAPI.RetrievePasswordTokenForNativeApp(5, metadata.token_endpoint, usr, pass, client_id, secret_id, scope)
        RETURNING token, expire, refresh
      IF token IS NULL THEN
        DISPLAY "Unable to retrieve token"
        EXIT PROGRAM 1
      ELSE
        DISPLAY "Access token value: ",token
        DISPLAY SFMT("Token expires in %1 seconds",expire)
        IF refresh IS NOT NULL THEN
          DISPLAY "Refresh token value: ",refresh
        ELSE
          DISPLAY "No refresh token"
        END IF
        IF NOT OAuthAPI.InitNativeApp(5, token, client_id, secret_id, metadata.token_endpoint, expire, refresh) THEN
          DISPLAY "Cannot initiate refresh token service"
        END IF
      END IF
    END IF
  CATCH
    DISPLAY "ERROR : ",status,sqlca.sqlerrm
    EXIT PROGRAM 1
  END TRY
END MAIN