GeneXus Access Manager (GAM)
Table of contents


Official Content

It's a REST service to obtain an OAuth 2.0 authorization token.

When using One-Factor Authentication

Endpoint

POST  $ServerURL/oauth/gam/access_token

Parameters

Client_id: Client ID of the application.
Grant_type: Authentication type name.
Scope: Scope of the user account you wish to access. (FullControl o gam_user_info)
Username: Username of the account you wish to access.
Password: Password of the account you wish to access.

Sample

&addstring = "client_id=be47d883307446b4b93fea47f9264f88&grant_type=GAMLocal&scope=FullControl+gam_user_info&username=test&password=test"

&getstring = &urlbase + "/oauth/access_token"  

&httpclient.AddHeader("Content-Type", "application/x-www-form-urlencoded")
&httpclient.AddString(&addstring)
&httpclient.Execute("POST", &getstring)

&httpstatus = &httpclient.StatusCode
&result = &httpclient.ToString()

Response

{    
     "access_token": "ae47229f-e133-42d1-87e0-c5ac59e51edf!a90817ee94932e905b6fada72bf83dbef4605e2bacbe850f6a684bb3a7b072a6860b2ee76d20d6",     
     "token_type": "Bearer",     
     "expires_in": 180,     
     "refresh_token": "001mebXeCSJY0Pb9nMsBoVIYAvbwAhbHw5FqK1e",     
     "scope": "FullControl+gam_user_info",     
     "user_guid": "eeb8bc39-b7dc-4169-8eb7-ffee95386876" 
}

When using Two-Factor Authentication

Endpoint

POST  $ServerURL/oauth/access_token

First step

Client_id: Client ID of the application.
Grant_type: Authentication type name
Scope: Scope of the user account you wish to access.
Username: Username of the account you wish to access.
Password: Password of the account you wish to access.
Additional_Parameters: Both OTPStep and UseTwoFactorAuthentication are necessary. 

Sample

&addstring = 'client_id=be47d883307446b4b93fea47f9264f88&grant_type=GAMLocal&scope=FullControl+gam_user_info&username=test&password=test&additional_parameters="AuthenticationTypeName":"Local","OTPStep":"1","Repository":"","UseTwoFactorAuthentication":"false","Properties":[{}]}'

&getstring = &urlbase + "/oauth/access_token"
&httpclient.AddHeader("Content-Type", "application/x-www-form-urlencoded")
&httpclient.AddString(&addstring)
&httpclient.Execute("POST", &getstring)

&httpstatus = &httpclient.StatusCode
&result = &httpclient.ToString()

The first step returns status code 202 and error 410:

{
   "error": {
       "code": "410",
       "message": "To enter app, the second authentication factor must be validated."
    }
}

Second step

Client_id: Client ID of the application.
Grant_type: Authentication type name
Scope: Scope of the user account you wish to access.
Username: Username of the account you wish to access.
Password: OTP_Value
Additional_Parameters: Both OTPStep and UseTwoFactorAuthentication are necessary. 

Sample

&addstring = 'client_id=be47d883307446b4b93fea47f9264f88&grant_type=GAMLocal&scope=FullControl+gam_user_info&username=test&password=OTP_Value&additional_parameters="AuthenticationTypeName":"Local","OTPStep":"2","Repository":"","UseTwoFactorAuthentication":"true","Properties":[{}]}'

&getstring = &urlbase + "/oauth/access_token"
&httpclient.AddHeader("Content-Type", "application/x-www-form-urlencoded")
&httpclient.AddString(&addstring)
&httpclient.Execute("POST", &getstring)

&httpstatus = &httpclient.StatusCode
&result = &httpclient.ToString()

Second step response

{
    "access_token": "72fef4c4-bb13-418b-9eee-92cbc18ed846!9153eaf0277241ef38de08ea5a7adf47d08ed29144e90c2ab46da38bb02a441b21273ee3ac56e4",
    "token_type": "Bearer"
    "expires_in": 0,
    "refresh_token": "",
    "scope": "FullControl",
    "user_guid": "63d9f144-f4e1-4f9e-a49e-ba0a12892544"
}

When using a One-Time Password

Endpoint

POST  $ServerURL/oauth/access_token

First step

Client_id: Client ID of the application.
Grant_type: Authentication type name
Scope: Scope of the user account you wish to access.
Username: Username of the account you wish to access.
Password: Password of the account you wish to access.

Sample

&addstring = "client_id=be47d883307446b4b93fea47f9264f88&grant_type=GAMLocal&scope=FullControl+gam_user_info&username=test&password=test&additional_parameters="AuthenticationTypeName":"Local","Repository":"","Properties":[{}]}'

&getstring = &urlbase + "/oauth/access_token"
&httpclient.AddHeader("Content-Type", "application/x-www-form-urlencoded")
&httpclient.AddString(&addstring)
&httpclient.Execute("POST", &getstring)

&httpstatus = &httpclient.StatusCode
&result = &httpclient.ToString()

The first step returns status code 202 and error 400

{
   "error": {
       "code": "400",
       "message": "An email was sent with your access code"
    }
}

Second step

Client_id: Client ID of the application.
Grant_type: Authentication type name
Scope: Scope of the user account you wish to access.
Username: Username of the account you wish to access.
Password: OTP_Value

Sample

&addstring = "client_id=be47d883307446b4b93fea47f9264f88&grant_type=GAMLocal&scope=FullControl+gam_user_info&username=test&password=OTP_Value&additional_parameters="AuthenticationTypeName":"Local","Repository":"","Properties":[{}]}'

&getstring = &urlbase + "/oauth/access_token"
&httpclient.AddHeader("Content-Type", "application/x-www-form-urlencoded")
&httpclient.AddString(&addstring)
&httpclient.Execute("POST", &getstring)

&httpstatus = &httpclient.StatusCode
&result = &httpclient.ToString()

Second step response

{
    "access_token": "72fef4c4-bb13-418b-9eee-92cbc18ed846!9153eaf0277241ef38de08ea5a7adf47d08ed29144e90c2ab46da38bb02a441b21273ee3ac56e4",
    "token_type": "Bearer"
    "expires_in": 0,
    "refresh_token": "",
    "scope": "FullControl",
    "user_guid": "63d9f144-f4e1-4f9e-a49e-ba0a12892544"
}

Last update: 25 May 2023 by rp
Last update: November 2023 | © GeneXus. All rights reserved. GeneXus Powered by Globant