Authorization Code Defined Example OAuth 2.0
Use the OAuth 2.0 client credentials grant flow to enable a web service to use its own credentials to authenticate a call to another web service.
Prerequisites
Use the offline_access scope parameter when connecting through this method. Logging into the RIM API should follow the refresh_token grant after the initial bearer token has been generated. If there is no redirection configured to verify the user login details, and the callback URI is not registered in the Azure Portal - App Registration, this process will require a manual step.

The parameters for the URL to the OAuth endpoint:
| Parameter Name | Value |
| --- | --- |
| client_id | xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx |
| response_type | code |
| redirect_uri | https://some-vaid-uri-configured-in-azure-portal |
| response_mode | query |
| scope | <registered client_id>/.default openid offline_access |
| state | <A random string> |
Example:
https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/authorize?client_id=<client_id>&response_type=code&redirect_uri=<login_url_registered_in_app-portal>&response_mode=query&scope=<client_id>%2F.default%20openid%20offline_access&state=<a_state_string>
The tenant_id format: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx.
Once the URL is updated, paste the string into a web browser. This will direct you to the Ennov InSight login page. If there is no redirection configured, you will log on to Ennov InSight. In this case, close the browser window and re-copy the original URL.
Without a valid redirect_uri defined, a successful code generation displays an HTTP 400 error page. Example:
<login_url_registered_in_app-portal>?code=<very_long_hash_string>&state=<a_state_value>&session_state=<a_auto_generated_string>
Copy the whole of the URL to a text editor and extract the very long hash string between code= and &state.
To define client credentials:
- Submit an HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
  The body of the request should include the form-data:

| Parameter Name | Value |
| --- | --- |
| grant_type | authorization_code |
| client_id | xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx |
| scope | <registered client_id>/.default openid |
| redirect_uri | <login url defined in code request> |
| code | <hash string extracted earlier> |
| offline_access | Optional. Add this parameter if you want to use the refresh_token flow. |

The response generates an AzureBearerBody token.
- Use this bearer token in the refresh_token grant flow if the offline_access parameter is defined. If not, follow the usual steps to generate the X-CSRF-TOKEN, JSESSION & RIM API login.
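
The steps above as an added example (not Ennov's or Microsoft's code): it builds the authorize URL with a random state, extracts the code from the pasted redirect URL only after the state matches, and prepares the token POST body without sending it. The function names and the sample values in the demo are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com"

def build_authorize_url(tenant_id, client_id, redirect_uri):
    """Return (url, state); keep state to check the redirect later."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": f"{client_id}/.default openid offline_access",
        "state": state,
    })
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{query}", state

def extract_code(redirected_url, expected_state):
    """Parse the pasted redirect URL; return the code only if state matches."""
    params = parse_qs(urlsplit(redirected_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]  # parse_qs has already URL-decoded the value

def build_token_request(tenant_id, client_id, redirect_uri, code, offline_access=True):
    """Return (url, form_body) for the HTTPS POST to the token endpoint."""
    scope = f"{client_id}/.default openid"
    if offline_access:  # optional on the page; sent here as a scope value
        scope += " offline_access"
    body = urlencode({"grant_type": "authorization_code", "client_id": client_id,
                      "scope": scope, "redirect_uri": redirect_uri, "code": code})
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token", body

if __name__ == "__main__":
    # Constructed placeholder values, not real identifiers.
    url, state = build_authorize_url("tenant-placeholder", "client-placeholder",
                                     "https://app.example/callback")
    print(url)
    pasted = f"https://app.example/callback?code=AbC%2F123&state={state}&session_state=xyz"
    print(build_token_request("tenant-placeholder", "client-placeholder",
                              "https://app.example/callback", extract_code(pasted, state)))
```

The authorization code is a short-lived credential, so parse it in memory as shown rather than leaving the full redirect URL in a saved text file or shell history.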
