Xena Developer
Xena Developer
Site
Sign in
Introduction
The possibilities
Development
Get started
Become a developer
Register your app
The Xena API
Authorization
Using OAuth
Using Xena Api with OAuth
Using WebHooks
Using MetaData and CustomData
Using Websync
Using Xena API Key
Creating plugins
Samples
API documentation
User interface
Use our stylesheet
Design Guide
Powered by GitBook

Using OAuth

Essentials on OAuth integration.

See Identity.Server.Sample.Dotnet for a sample project.

Please refer to the github repository for the code in its entirety. This sample is written in C# .NET core 2 and can be run via Docker.

First off we need to add the OpenId middleware to authentication configuration in startup.cs:

startup.cs
 .AddOpenIdConnect(AuthenticationConstants.XenaOidcAuthenticationScheme, options =>
    {
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.ResponseType = AuthenticationConstants.OidcResponseType;
​
        options.SignedOutRedirectUri = "/Home/LogoutRedirect";
​
        options.Authority = authConfiguration.Authority;
        options.ClientId = authConfiguration.ClientId;
        options.ClientSecret = authConfiguration.ClientSecret;
​
        options.SaveTokens = true;
        options.RequireHttpsMetadata = false;
        options.GetClaimsFromUserInfoEndpoint = true;
​
        options.Scope.Add("profile"); 
        options.Scope.Add("testapi");
        options.Scope.Add("offline_access");
​
        options.ClaimActions.MapJsonKey(JwtClaimTypes.PreferredUserName, JwtClaimTypes.PreferredUserName);
    }

All the configuration is set in appsettings.Development.json

When user hit any method/controller with [Authorize] attribute he will be forced to authenticate. In our examples default challenge scheme is Xena. The user will be transfered to login page and after correct login will return to your app with tokens.

To communicate with the Xena API you will need to send access_token with each call in headers.

Application access_token lifetime is set to 60 minutes but cookie for your app can be different. For better user experience the app can use refresh_token to get new access_tokens.

In the sample we use automatic silent renew middleware that checks and refreshes the token if needed with each call.

API call

In sample in XenaService.cs we show three API calls. The user can get data about his fiscal, Xena membership and apps that he is subscribed to.

XenaService.cs
[Authorize]
public async Task<IActionResult> ApiExample()
{
    HttpClient client = await SetupClientWithToken();
    var result = await client.GetStringAsync($"{_apiEndpoints.Xena}/User/FiscalSetup?forceNoPaging=true");
    return result;
}
Previous
Authorization
Next
Using Xena Api with OAuth
Last updated 12 months ago
Edit on GitHub