Using Xena API

The basic flow looks like this:

1. The user enters your app.

2. The user encounters a place in your application where he wants to use Xena API.

3. He will be forced to login into the Xena.

4. After successful login, he will be transferred back to your app with tokens.

5. Your app can communicate with the Xena API by passing the user access_token.

See our github samples here. For more see Identity Server sample clients.

Creation

Firstly your app needs to be registered in Xena

Then open the app and go to tab 'OAuth'.

Click on the link to Connect, and create a new client:

You won't be able to change the grant type later

Client Id - Unchangeable id that your app will be recognized in Xena (whole string with .xena.biz). Name - Your app name that will be shown to the user in the consent screen. Client Uri - link to your terms of service and privacy policy during user login.

Settings:

• Enabled - you can enable/disable your connection with the app.

• Browser access - allows obtaining the access_token through front channel communication.

• Off-line access - Used in hybrid flow to obtain refresh_token that can be exchanged for access_token without user interaction.

Supported grant types:

• Implicit - mainly for browser-based applications.

• Hybrid - for applications with backend where the server will communicate with the Xena API.

Configuration

After the client creation, you will be transferred to the edit window with a few new settings:

• Scopes - Available scopes for your app. The testapi scope is required for Xena API communication.

• RedirectUri - The uri of your oidc login endpoint. These must match in client and configuration. (For ASP default path is yourapp.com/signin-oidc)

• Post Logout Redirect Uri - After the user logs out, he will be transferred back to your app. (For ASP default path is yourapp.com/signout-callback-oidc)

• Secrets - auto-generated secret for your app (hybrid flow)