OAuth 2.0 Authorization Code Flow Example

Use the OAuth 2.0 client credentials grant flow to enable a web service to use its own credentials to authenticate a call to another web service.

Use the offline_access scope parameter when connecting through this method. Logging into the RIM API should then follow the refresh_token grant once the initial bearer token has been generated.

If there is no redirection configured to verify the user login details, and the callback URI is not registered in the Azure Portal (App Registration), this process requires a manual step.

The parameters for the URL to the OAuth authorize endpoint:

  Parameter Name   Value
  client_id        xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
  response_type    code
  redirect_uri     https://some-valid-uri-configured-in-azure-portal
  response_mode    query
  scope            <registered client_id>/.default openid offline_access
  state            <a random string>

Example: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize?client_id=<client_id>&response_type=code&redirect_uri=<login_url_registered_in_app-portal>&response_mode=query&scope=<client_id>%2F.default%20openid%20offline_access&state=<a_state_string>

The tenant_id format: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx.

Once the URL is updated, paste the string into a web browser. This directs you to the Ennov InSight login page. If no redirection is configured, you will be logged on to Ennov InSight; in that case, close the browser window and re-copy the original URL.

Without a valid redirect_uri defined, a successful code generation displays an HTTP 400 error page whose URL carries the code. Example: <login_url_registered_in_app-portal>?code=<very_long_hash_string>&state=<a_state_value>&session_state=<a_auto_generated_string>

Copy the whole URL into a text editor and extract the very long hash string between code= and &state.

To define client credentials:
  1. Submit an HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
     The body of the request should include the following form-data:

       Parameter Name   Value
       grant_type       authorization_code
       client_id        xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
       scope            <registered client_id>/.default openid
       redirect_uri     <login url defined in the code request>
       code             <hash string extracted earlier>
       offline_access   Optional. Add this parameter if you want to use the refresh_token flow.

     The response contains an AzureBearerBody token.
  2. Use this bearer token in the refresh_token grant flow if the offline_access parameter is defined. If not, follow the usual steps to generate the X-CSRF-TOKEN, JSESSION and RIM API login.
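The sequence above (authorize URL, code extraction from the redirect URL, token request body) as an added Python example; it is not part of this page or of Ennov's tooling. The tenant id, client id and redirect URI are placeholders, the state comparison is included because the state value is what ties the returned code to the request you sent, and offline_access is carried inside the scope string as in the authorize request.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com"


def build_authorize_url(tenant_id: str, client_id: str, redirect_uri: str, state: str) -> str:
    """Build the URL that is pasted into the browser (the authorize request)."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": f"{client_id}/.default openid offline_access",
        "state": state,
    }
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{urlencode(params)}"


def extract_code(redirect_url: str, expected_state: str) -> str:
    """Pull the code out of the redirect URL (the one shown on the HTTP 400 page).

    Refuses the code if the state does not match the one we generated, or if the
    identity provider returned an error instead of a code.
    """
    query = parse_qs(urlparse(redirect_url).query)
    if "error" in query:
        detail = query.get("error_description", [""])[0]
        raise ValueError(f"authorization failed: {query['error'][0]} {detail}".strip())
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect URL")
    return code


def build_token_request(tenant_id: str, client_id: str, redirect_uri: str, code: str,
                        offline_access: bool = True) -> tuple[str, dict]:
    """Return (token endpoint, form body) for exchanging the code for a bearer token."""
    scope = f"{client_id}/.default openid" + (" offline_access" if offline_access else "")
    body = {"grant_type": "authorization_code", "client_id": client_id,
            "scope": scope, "redirect_uri": redirect_uri, "code": code}
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token", body


if __name__ == "__main__":
    # Placeholder identifiers; a fresh random state is generated per run.
    state = secrets.token_urlsafe(32)
    print(build_authorize_url("<tenant_id>", "<client_id>", "https://app.example/callback", state))
```

POST the returned body as form-data (application/x-www-form-urlencoded) to the endpoint, then keep the refresh_token from the response for the refresh_token grant.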