Authorization code grant - HxGN EAM - 11.07.01 - Feature Briefs - Hexagon

HxGN EAM OpenID Connect Guide
Language
English
Product
HxGN EAM
Search by Category
Feature Briefs
HxGN EAM Version
11.7.1

  1. Obtain the authorization end point from the well-known configuration end point. Refer to the Configuring HxGN EAM application with OpenID Connect details section to find the details about accessing the well-known configuration end point in AD FS.

  2. Construct the authorization URL as follows.

    <authorization_endpoint>?response_type=code&response_mode=query&response_type=id_token&client_id=<client-identifier>&redirect_uri=<encoded-redirect-url>&scope=openid

    • authorization_endpoint should be replaced with the URL obtained from the previous step.

    • client-identifier should be replaced with the value of the client identifier while registering the OpenID Connect client. Refer to the Configuring OpenID Connect Client in AD FS & HxGN EAM section for details.

    • encoded-redirect-url should be replaced with encoded redirect URL provided while registering the OpenID Connect client. Refer to the Configuring OpenID Connect Client in AD FS & HxGN EAM section for details about the redirect URL. Please use any appropriate tools for encoding the URL.

  3. Access the constructed URL from a browser. You will be prompted for userid and password details. After providing the details, click the Sign In button. Upon successful validation of the details, the authorization code will be generated, and the request will be redirected to the redirect URL, and the code will part of the query string as we have used the response_mode as query in the request.

  4. Copy the value of the query string parameter code.

  5. Using the Postman application, create a post request to the token end point obtained from the well-known configuration end point (Refer to the Password Grant section for details) with the following parameters added to the Body of the request. Select x-www-form-urlecoded.

    • client_id, whose value will be the OpenID Connect Client Identifier.

    • scope, whose value will be openid.

    • redirect_uri, whose value will be the redirect url provided while registering the OpenID Connect Client.

    • grant_type, whose value will be authorization_code.

    • code, whole value will be the authorization code copied in the previous step.

  6. On successful validation, you will receive a JSON response which contains the id_token.