OpenIdConnect access token and refresh token
No edit summary
(Automatically adding template at the end of the page.)
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
A common case is to use AzureAD via OpenIdConnect for login - and then wanting to consume GraphAPI services.
A common case is using AzureAD via OpenIdConnect for login - and then wanting to consume GraphAPI services.


In order to consume GraphAPI you will need a shortlived Access_token.
In order to consume GraphAPI, you will need a shortlived Access_token.


To get the fresh Access_token you will need a Refresh_token.
To get the fresh Access_token, you will need a Refresh_token.


To get the Refresh_token you must do a call to the token-endpoint with the short lived code you get when you login.
To get the Refresh_token, you must do a call to the token-endpoint with the short-lived code you get when you login.


Turnkey will do all this for you and update the SysUserClaim object with a ClaimType access_token and refresh_token.
Turnkey will do all this for you and update the SysUserClaim object with a ClaimType access_token and refresh_token.
(you must give the OpenID_TokenEndPoint, and OpenIDConnectScope must contain offline_access for AzureAD to issue refresh_token )


These will be fetched when you login.
These will be fetched when you login.


The access_token is shortlived - and you should renew it prior to new operations.
The access_token is shortlived - you should renew it prior to new operations.


Turnkey can renew if your you if you add and later call a Method on SysUser :
Turnkey can renew it if you add and later call a Method on SysUser:
  OpenIdConnectAccessTokenRefresh():String (TV: Eco.[[Method.Eco.ExternalLateBound|ExternalLateBound]])  
  OpenIdConnectAccessTokenRefresh():String (TV: Eco.[[Method.Eco.ExternalLateBound|ExternalLateBound]])  
- this will return an error or ok, if ok the SysUserClaim object with a ClaimType access_token and refresh_token has been updated.
This will return an error or ok. If it is ok, the SysUserClaim object with a ClaimType access_token and refresh_token has been updated.


For this to work you need to supply settings for [[OpenID config|OpenIdConnect]]
For this to work, you need to supply settings for [[OpenID config|OpenIdConnect.]]
* (You must give the [[OpenID config|OpenID_TokenEndPoint]], and OpenIDConnectScope must contain offline_access for AzureAD to issue refresh_token)
[[Category:MDriven Turnkey]]
[[Category:Authentication]]
{{Edited|July|12|2024}}

Latest revision as of 15:44, 10 February 2024

A common case is using AzureAD via OpenIdConnect for login - and then wanting to consume GraphAPI services.

In order to consume GraphAPI, you will need a shortlived Access_token.

To get the fresh Access_token, you will need a Refresh_token.

To get the Refresh_token, you must do a call to the token-endpoint with the short-lived code you get when you login.

Turnkey will do all this for you and update the SysUserClaim object with a ClaimType access_token and refresh_token.

These will be fetched when you login.

The access_token is shortlived - you should renew it prior to new operations.

Turnkey can renew it if you add and later call a Method on SysUser:

OpenIdConnectAccessTokenRefresh():String (TV: Eco.ExternalLateBound) 

This will return an error or ok. If it is ok, the SysUserClaim object with a ClaimType access_token and refresh_token has been updated.

For this to work, you need to supply settings for OpenIdConnect.

  • (You must give the OpenID_TokenEndPoint, and OpenIDConnectScope must contain offline_access for AzureAD to issue refresh_token)
This page was edited more than 11 months ago on 02/10/2024. What links here