OAuthAPI.RetrievePasswordTokenForNativeApp

Returns the OAuth service access token via user credentials (username/password) and client credentials (client_id/secret_id). A refresh token allows the access token to be refreshed when it expires.

Syntax

RetrievePasswordTokenForNativeApp(
  timeout INTEGER,
  TokenServiceURL STRING,
  username STRING,
  password STRING,
  client_id STRING,
  client_secret STRING,
  scope STRING)
RETURNS OpenIdCResponseType
  1. timeout. Defines the number of seconds.
  2. TokenServiceURL. This is the token endpoint of the Identity Provider (IdP) securing the service.
  3. username. This is the user's login details.
  4. password. This is the user password.
  5. client_id is the application ID assigned to the app when registered.
  6. client_secret is the application secret created for the app.
  7. scope. This is a space-separated list of scopes defining user access.

Returns an OpenIdCResponseType record with the access token, refresh token, and access token expiration date. NULL may be returned if the access token is not available.

Usage

Use this to retrieve an access token that will be refreshed automatically when it expires, without the user having to restart the application. For example, you would use it to get an access token for a Genero mobile app accessing a secure RESTful web service that is not behind a Genero Application Server.

The process of getting the token is effectively the same as RetrievePasswordToken or RetrieveServiceToken, except that here you must provide both the user credentials (username/password) and client credentials (client_id and secret_id) as parameters in the call.

The access token, access token expiry date, and refresh token returned are stored in an OpenIdCResponseType record. This record is passed in the call to InitNativeApp() to initiate the service.

In case of error, a NULL value will be returned.

OAuthAPI.RetrievePasswordTokenForNativeApp function

IMPORT FGL OAuthAPI

DEFINE metadata OAuthAPI.OpenIDMetadataType
DEFINE token, refresh STRING
DEFINE expire INTEGER
DEFINE usr, pass STRING
DEFINE client_id, secret_id STRING
DEFINE scope STRING
DEFINE idp_url STRING

MAIN

# Enter following information:
LET idp_url=""   # The IdP's issuer url
LET usr=""       # A valid username
LET pass=""      # password for the above username
LET client_id="" # The client ID of an application registered in IdP
LET secret_id="" # The client secret from the same application

TRY
     CALL OAuthAPI.FetchOpenIDMetadata(5, idp_url)
          RETURNING metadata.*
     IF metadata.issuer IS NULL THEN
         DISPLAY "IdP not available" 
         EXIT PROGRAM 1
     ELSE
        CALL OAuthAPI.RetrievePasswordTokenForNativeApp(5, metadata.token_endpoint, usr, pass, client_id, secret_id, scope) 
          RETURNING token, expire, refresh
        IF token IS NULL THEN
          DISPLAY "Unable to retrieve token"
          EXIT PROGRAM 1
        ELSE
          DISPLAY "Access token value: ",token 
          DISPLAY SFMT("Token expires in %1 seconds",expire)
          IF refresh IS NOT NULL THEN
            DISPLAY "Refresh token value: ",refresh
          ELSE
            DISPLAY "No refresh token"
          END IF
          IF NOT OAuthAPI.InitNativeApp(5, token, client_id, secret_id, metadata.token_endpoint, expire, refresh) THEN
            DISPLAY "Cannot initiate refresh token service"
          END IF
        END IF
     END IF
CATCH
   DISPLAY "ERROR : ",status,sqlca.sqlerrm
   EXIT PROGRAM 1
END TRY

END MAIN