Implicit Flow Authorization Example
This example provides code for getting an access token using the Implicit Flow.
Prerequisites
- Create a new API client – you must have an existing API client that uses the Implicit flow
Code Example (C#)
This example differs from the FormPost example in the following ways:
- The HandleToken endpoint accepts GET requests
- The HandleToken endpoint returns a view; the URL of this view contains the access token as a URL fragment, denoted by a hash (#) character
- The token is retrieved from the page URL by JavaScript
The example below is for a ASP.NET web application project, connecting to an on-premise instance of HotDocs Advance.
Controller
The AuthController controller file. The returnUrl value must match the return URL for the specified client (the client's return URL is set when creating your API client).
using Microsoft.AspNetCore.Mvc;
namespace HotDocsAdvanceApiExamples.Controllers
{
public class AuthController : Controller
{
public ActionResult Implicit()
{
// The name of client making the request, created through the Advance Client Management application
const string clientName = "ab3e4544-b595-4681-b0ea-c7c18c9b63f6";
// The endpoint for retrieving the access token
const string requestUrl = "https://yourtenancy.yourorganization.com/HdaAuth/Authorize/LogIn";
// The endpoint (HandleToken, below) in your application to which the token is returned
const string returnUrl = "https://yourorganization.com/YourApplication/Auth/HandleToken";
// The type of response, containing the access token, returned from Advance
const string responseMode = "Fragment";
// The completed request URL, using the values specified above. You then redirect to the Advance login page
return Redirect($"{requestUrl}?clientName={clientName}&returnUrl={returnUrl}&responseMode={responseMode}");
}
[HttpGet]
public ActionResult HandleToken()
{
return View();
}
}
}
View
The HandleToken view. In this example, the token is retrieved from the URL and placed in a text area for you to view. From this page, the token can then be used when making requests to the Advance API.
<textarea id="token"></textarea>
<script type="text/javascript"> // Display the token in the textarea. document.getElementById("token").value = window.location.hash; </script>