This functionality was removed in Update 23. From Update 23, Smart API Manager is the default authorization server provided with HxGN SDx. The following applies if you are configuring the authorization for an external application using a version of the software before Update 23.
You must configure an OAuth client application entry in the SmartPlant Foundation Authorization server with the required settings, such as the client name, client ID, redirect URI, and so on. However, the type of OAuth flow used by API Services for the external client must be set to AuthorizationCode.
You can configure access to the SmartPlant Foundation Web APIs from an external application using IWA authentication by applying the following example configuration steps to return the OAuth access token.
Issue an Authorization Code request
- From a browser, issue an Authorization Code request with the following completed fields:
Parameters:
response_type: Set to code for this type of request, so that the OAuth endpoint returns an authorization code.
client_id: The client ID obtained when the OAuth client application entry was configured; it identifies the client application making the request.
redirect_uri: The URL that the browser is redirected to after the user grants access. This is the complete URL, including the protocol and port if applicable.
scope: The comma-delimited set of permissions that the application requests.
state: A value chosen by the application and included in the Authorization Code request; it is returned unchanged with the response so that the application can match the response to the request it issued.
For example,
https://[OAuthServer]/oauth/connect/authorize?response_type=code&client_id=SPFWC&redirect_uri=https://[Site]/oauthredirect.html&scope=ingr.api,openid&state=12345
This authorization code request prompts the user for the authentication details in Smart API Manager.
- The authorization server redirects the browser to the redirect_uri with the following query parameters:
Fields:
code: The authorization code.
state: The state value specified in the Authorization Code request.
The following example shows a successful response from an Authorization Code request.
https://[Site]/oauthredirect.html?code=c6153bbf147c1fcc5f05ebbabee2d396&state=12345
Issue a Post operation to convert the code to a token
The code received by the application from the Authorization Code request is short lived and must be exchanged for an access token within a 60 second time frame using a POST request.
You can configure the Authorization Code request time frame using the Authorization Code Lifetime setting in the authentication server.
- Create a POST request from the application to the /oauth/connect/token endpoint using the following form data:
Fields:
code: The authorization code returned from the Authorization Code request.
client_id: The same client ID that was used in the Authorization Code request.
client_secret: The client secret obtained when the OAuth client application entry was configured.
redirect_uri: The same redirect URL used in the Authorization Code request, to which the application was redirected after the user granted access.
grant_type: Defined in the OAuth 2.0 specification. This field must contain the value authorization_code.
The following is an example POST request:
POST /oauth/connect/token HTTP/1.1
With the content type set as follows:
Content-Type: application/x-www-form-urlencoded
With the body content set to the following fields (each value is URL-encoded and the fields are joined with & when sent):
client_id=SPFWC
client_secret=J747q/YsHEfWE@fnO(vG)u^ta4-k38p}
redirect_uri=https://[Site]/oauthredirect.html
grant_type=authorization_code
code=c6153bbf147c1fcc5f05ebbabee2d396
- The response is returned as an access token that can be used in all subsequent authenticated requests to the Web API.
The following is an example of a valid response with a Bearer token:
{
"access_token": "R1hPjq4vll3RVeGWhmiyPn1CpKhcVkJzXhDIB2wQ",
"expires_in": 3600,
"token_type": "Bearer"
}
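The three messages of the flow above (authorize request, redirect with code and state, token POST), as an added example that is not part of the HxGN SDx documentation or product code. The host names standing in for [OAuthServer] and [Site], the client secret and the authorization code are constructed sample values, and the state check and lifetime check are the application-side validations a client should perform before exchanging the code.

```python
# Added example, not from the HxGN SDx documentation: builds the three messages of the
# Authorization Code flow described above and validates the redirect before the code is
# exchanged. Host names, client secret and code values are constructed samples.
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_SERVER = "oauthserver.example.test"                       # stands in for [OAuthServer]
REDIRECT_URI = "https://site.example.test/oauthredirect.html"  # stands in for [Site]
CODE_LIFETIME_SECONDS = 60   # default Authorization Code Lifetime given in the text


def build_authorize_url(client_id, scope="ingr.api,openid", state=None):
    """Step 1: the Authorization Code request sent from the browser to /oauth/connect/authorize."""
    # state is an unguessable per-attempt value; the application must remember it
    state = state or secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})
    return f"https://{AUTH_SERVER}/oauth/connect/authorize?{query}", state


def parse_redirect(redirect_url, expected_state):
    """Step 2: take the code from the redirect, but only if state matches what we sent."""
    params = parse_qs(urlsplit(redirect_url).query)
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: redirect does not belong to our request")
    return params["code"][0]


def code_still_valid(received_at, now, lifetime=CODE_LIFETIME_SECONDS):
    """The code expires `lifetime` seconds after issue; it must be exchanged before then."""
    return 0 <= now - received_at < lifetime


def build_token_request(code, client_id, client_secret):
    """Step 3: the form-encoded POST to /oauth/connect/token that exchanges the code."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": REDIRECT_URI,
                      "grant_type": "authorization_code", "code": code})
    return {"method": "POST", "path": "/oauth/connect/token",
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": body}
```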