CommunityForgeAssets listOAuth Token Exchange
oauth-token-exchange
Service icon

OAuth Token Exchange

Stable version 1.1.0 (Compatible with OutSystems 11)
Uploaded
 on 05 May 2024
 by 
0.0
 (0 ratings)
oauth-token-exchange

OAuth Token Exchange

Documentation
1.0.0

This component consists of the following modules

  • OAuth_TokenExchange_EXT - Extension wrapping IdentiyModel.
  • OAuth_TokenExchange_IS - The app facing side of the wrapper. Add dependency to this module only.


Actions in the IS module

OAuth_AuthorizationCodeToken

Exchanges an Authorization Code grant for an access token and optional refresh and identity token. (Based on requested scopes). Please note that this action only exchanges an already existing code.

Input

  • TokenEndpointUrl - The full url to the token endpoint of the OAuth 2.0 compatible Authorization server
  • ClientId - Client Identifier of your registered application with the authorization server
  • ClientSecret - Client secret of your registered application with the authorization server
  • Code - the Authorization Code grant you received after the successful redirect from the authorization server back to your application
  • CodeVerifier - The generated code verifier for Proof Key Code Exchange flow.
  • RedirectUri - The used redirect uri during the Authorization Code flow (must also be registered with the authorization server)


Output

  • IsSuccess - True if the operation was successful. Otherwise, false and Error structure is populated.


  • Access Token - The access token
  • Token Type - Type of the token (eg. Bearer). Is also the prefix when requesting resources in the Authorization Header.
  • ExpiresIn - Seconds until the access token expires
  • ExpiresOn - The calculated Expiry DateTime from ExpiresIn.
  • RefreshToken - The refresh token. May be optional.
  • IdentityToken - The identity token. May be optional.
  • Scope - The space delimited scopes available for the access token.


OAuth_ClientCredentialsToken

Exchanges Client Identifier and Client Secret for an application based access token.

Input

  • TokenEndpointUrl - The full url to the token endpoint of the OAuth 2.0 compatible Authorization server
  • ClientId - Client Identifier of your registered application with the authorization server
  • ClientSecret - Client secret of your registered application with the authorization server
  • Scope - Space delimited list of scopes requested


Output

  • IsSuccess - True if the operation was successful. Otherwise, false and Error structure is populated.


  • Access Token - The access token
  • Token Type - Type of the token (eg. Bearer). Is also the prefix when requesting resources in the Authorization Header.
  • ExpiresIn - Seconds until the access token expires
  • ExpiresOn - The calculated Expiry DateTime from ExpiresIn.
  • RefreshToken - Not available in client credentials flow.
  • IdentityToken - Not available in client credentials flow.
  • Scope - May not be available in client credentials flow.


OAuth_IntrospectToken

Sends a given access token to the introspection endpoint of an authorization server for verification.

Input

  • IntrospectionEndpointUrl - The introspection endpoint url of the authorization server
  • ClientId - Client Identifier of your registered application with the authorization server
  • ClientSecret - Client secret of your registered application with the authorization server
  • AccessToken - The access token to validate


Output

  • IsSuccess - True if the operation was successful. Otherwise, false and Error structure is populated.


  • IsActive - True if the sent access token is still valid.


OAuth_RefreshToken

Exchange a refresh token for a new access token and (optional) new refresh token.

Input

  • TokenEndpointUrl - The full url to the token endpoint of the OAuth 2.0 compatible Authorization server
  • ClientId - Client Identifier of your registered application with the authorization server
  • ClientSecret - Client secret of your registered application with the authorization server
  • CurrentRefreshToken - The refresh token to use to request a new access token.


Output

  • IsSuccess - True if the operation was successful. Otherwise, false and Error structure is populated.


  • Access Token - The access token
  • Token Type - Type of the token (eg. Bearer). Is also the prefix when requesting resources in the Authorization Header.
  • ExpiresIn - Seconds until the access token expires
  • ExpiresOn - The calculated Expiry DateTime from ExpiresIn.
  • RefreshToken - The refresh token. May be optional.
  • IdentityToken - Not available in Refresh Token
  • Scope - May not be available in Refresh Token.


OAuth_RevokeToken

Revoke an access token at the authorization server.

Input

  • TokenEndpointUrl - The full url to the token endpoint of the OAuth 2.0 compatible Authorization server
  • ClientId - Client Identifier of your registered application with the authorization server
  • ClientSecret - Client secret of your registered application with the authorization server
  • AccessToken - The access token to revoke


Output

  • IsSuccess - True if the operation was successful. Otherwise, false and Error structure is populated.


OAuth_ProofKeyCode

Generates code verifier and challenge for Proof Key Code Exchange Authorization flow

Output

  • CodeVerifier - The verification code sent with Authorization flow code exchange (PKCE)
  • CodeChallenge - The challenge sent when redirecting the user to the authorization server
  • CodeChallengeMethod - The method used to hash the challenge (only S256 (SHA-256)) supported.