GetSTSAuthorizationAccessToken method of GAMRepository Object

Gets a Security Token Service (STS) authorization token.

Syntax

&GAMSTSAuthorizationToken = GAMRepository.GetSTSAuthorizationAccessToken(in: &Client_id, in: &scope, out: &GAMErrors)

Where:

&GAMSTSAuthorizationToken
     Is of the GAMSTSAuthorizationToken external object data type.

&Client_id
     Is the ClientID of the GAM Application which requests a Token to make a call to a resource afterwards ("AppA"). It's a GUID.

&scope
     Is a string of the form <ApplicationName>.

Note: ApplicationName is the application where the resource to be called is defined ("AppB"). If there is more than one entry, they should be separated by the '+' sign (e.g., AppB.Prm1+AppB.Prm2...+AppB.PrmN).

&GAMErrors
     Is a collection of GAMError.

Description

The GAMRepository object of the GeneXus Access Manager Library provides the GetSTSAuthorizationAccessToken method, which is used to get a Security Token Service (STS) authorization token.

For more information about this scenario, read Security Token Service Client Authorization.

Consider the example where a client application (AppA) requests access to another application (AppB) - for example, to execute a service of this application.

This method internally executes the RequestTokenService service explained here.

Samples

    &GAMSTSAuthorizationToken = GAMRepository.GetSTSAuthorizationAccessToken(&client_id, &scope, &Errors)
    If &Errors.Count = 0
        &access_token = &GAMSTSAuthorizationToken.access_token
        &GAMSTSAuthorizationToken_Expires_in = &GAMSTSAuthorizationToken.expires_in.ToString()
        &GAMSTSAuthorizationToken_Scope = &GAMSTSAuthorizationToken.scope
        &GAMSTSAuthorizationToken_token_type = &GAMSTSAuthorizationToken.token_type
    Else
        msg(format(!"%1 (%2)",&Errors.Item(1).Message,&Errors.Item(1).code))
    Endif

Notes:

  • The Scope property of the &GAMSTSAuthorizationToken returned is the same as the one passed in the &scope parameter.
  • Expires_in is 0 unless you create a Security Policy in the STS server with an OAuth token expire (minutes) value different from zero. This security policy should be assigned to the user defined for the AppA STS configuration in the STS server.

    [Screenshot: Security Policy configuration]

    [Screenshot: User configuration]
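
The sample and the notes above combined into one calling routine, as an added example that is not part of the original documentation: it builds the '+'-separated scope, reports every GAMError, checks the returned scope against the request, and flags a token whose expires_in is 0. The variables &Permissions (a collection of strings such as "AppB.Prm1"), &Permission, &Error and &IsOk are assumptions.

```genexus
// Added example, not GeneXus' own sample code.
// Assumed variables: &Permissions (collection of VarChar, e.g. "AppB.Prm1"),
// &Permission (VarChar), &Error (GAMError), &IsOk (Boolean).

// Build the scope: entries are joined with the '+' sign.
&scope = ''
For &Permission in &Permissions
    If &scope.IsEmpty()
        &scope = &Permission.Trim()
    Else
        &scope = &scope + '+' + &Permission.Trim()
    EndIf
EndFor

&IsOk = False
&GAMSTSAuthorizationToken = GAMRepository.GetSTSAuthorizationAccessToken(&Client_id, &scope, &Errors)

If &Errors.Count > 0
    // Report every error in the collection, not only the first one.
    For &Error in &Errors
        msg(format(!"%1 (%2)", &Error.Message, &Error.Code))
    EndFor
Else
    If &GAMSTSAuthorizationToken.scope <> &scope
        // The returned scope is documented to equal the requested one.
        msg(format(!"Unexpected scope returned: %1", &GAMSTSAuthorizationToken.scope))
    Else
        If &GAMSTSAuthorizationToken.expires_in = 0
            // Per the notes above, 0 indicates that no Security Policy with a
            // non-zero OAuth token expire value is assigned to the AppA user
            // in the STS server.
            msg(!"Warning: expires_in is 0; review the STS Security Policy")
        EndIf
        // Keep the token in a variable only; it is never written to msg().
        &access_token = &GAMSTSAuthorizationToken.access_token
        &IsOk = True
    EndIf
EndIf
```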

Availability

Since GeneXus 16 upgrade 4
