OAuth2 Authorization Code

The code examples below are C# code without making use of any specific OAuth library. 

Authorization Code

The OAuth2 “authorization code flow” has the advantage that the Client Application does not have to store the 2BA user’s credentials. A coupling is established once for each user. This is achieved via the 2BA login page. This process takes the following steps:

The application opens an (embedded) browser and navigates to the 2BA authorization server (https://authorize.2ba.nl/). This request contains the following parameters

FieldDescription
response_type=codeSpecifies that the authorization server should return an authorization code
client_idUsed to identify the client application. A software partner can obtain this by contacting 2BA
redirect_uri The URL to navigate to once the login procedure has completed. The url is required and must be conform the http(s) scheme. (must begin with http(s). e.g. https://www.2ba.nl). The url can also be localhost. (e.g. http://localhost:8080) Note that this URL must be registered under your 2BA ClientId. Please send a mail to us with all needed redirect_uri’s !
var url = new Uri(string.Format("{0}/OAuth/Authorize?response_type=code&client_id={1}&redirect_uri={0}", 
    Properties.Settings.Default.AuthorizeUrl, 
    Globals.ClientId));
this.WebBrowser1.Navigate(url);

The user enters his/her credentials using the login page

Navigation returns to the URL specified by redirect_uri with the parameter ?code={authorization_code}.
This response can be parsed. For example:

private void WebBrowser1_Navigated(object sender, WebBrowserNavigatedEventArgs e)
{
    //Look for the authorization code field
    const string SearchCondition = "/?code=";
    if (e.Url.PathAndQuery.StartsWith(SearchCondition))
    {
        var queryString = string.Join(string.Empty, e.Url.AbsoluteUri.Split('?').Skip(1));
        var parsedQuery = HttpUtility.ParseQueryString(queryString);
        this.Authorization_Code = parsedQuery["code"];
        this.DialogResult = DialogResult.OK;
        this.Close();
    }
}

The token service (see below) is then invoked with a grant_type of “authorization_code” and the ‘code’ parameter set to the autorization code retrieved earlier:

public static OAuthTokenResponse GetAccessToken(string authorizationCode)
{
    var postMessage = string.Format("grant_type=authorization_code&code={0}&client_id={2}&client_secret={3}&redirect_uri={1}", 
        authorizationCode, 
        Settings.Default.AuthorizeUrl, 
        Globals.ClientId, 
        Globals.ClientSecret);
    var request = (HttpWebRequest)WebRequest.Create(Settings.Default.AuthorizeUrl + "/OAuth/Token");
    var data = Encoding.ASCII.GetBytes(postMessage);
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";
    request.ContentLength = data.Length;
    using (var stream = request.GetRequestStream())
    {
        stream.Write(data, 0, data.Length);
    }

The token service returns the access_token, refresh_token, lifetime etc. which can then be used to invoke Unifeed or our other services:

var response = (HttpWebResponse)request.GetResponse();
    var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
    var token = new OAuthTokenResponse();
    var jobj = JObject.Parse(responseString);
    token.AccessToken = (string)jobj["access_token"];
    token.RefreshToken = (string)jobj["refresh_token"];
    token.ExpiresIn = (int)jobj["expires_in"];
    token.TokenGet = DateTime.Now;
    return token;
}
Wat biedt 2BA voor u als Installateur Wat biedt 2BA voor u als Groothandel Wat biedt 2BA voor u als Fabrikant Wat biedt 2BA voor u als Software Partner
This site is registered on wpml.org as a development site.