Implicit Flow Authorization Example

This example provides code for getting an access token using the Implicit Flow.

Prerequisites

Code Example (C#)

This example differs from the FormPost example in the following ways:

  • The HandleToken endpoint accepts GET requests
  • The HandleToken endpoint returns a view; the URL of this view contains the access token as a URL fragment, denoted by a hash (#) character
  • The token is retrieved from the page URL by JavaScript

The example below is for a ASP.NET web application project, connecting to an on-premise instance of HotDocs Advance.

Controller

The AuthController controller file. The returnUrl value must match the return URL for the specified client (the client's return URL is set when creating your API client).

using Microsoft.AspNetCore.Mvc;
namespace HotDocsAdvanceApiExamples.Controllers
{
    public class AuthController : Controller
    {
        public ActionResult Implicit()
        {
            // The name of client making the request, created through the Advance Client Management application
            const string clientName = "ab3e4544-b595-4681-b0ea-c7c18c9b63f6";
            // The endpoint for retrieving the access token
            const string requestUrl = "https://yourtenancy.yourorganization.com/HdaAuth/Authorize/LogIn";
           
            // The endpoint (HandleToken, below) in your application to which the token is returned            
            const string returnUrl = "https://yourorganization.com/YourApplication/Auth/HandleToken";
           
            // The type of response, containing the access token, returned from Advance            
            const string responseMode = "Fragment";
           
            // The completed request URL, using the values specified above. You then redirect to the Advance login page            
            return Redirect($"{requestUrl}?clientName={clientName}&returnUrl={returnUrl}&responseMode={responseMode}");      
        }    
       
        [HttpGet]        
        public ActionResult HandleToken()  
        {                
            return View();
        }
    }
}

View

The HandleToken view. In this example, the token is retrieved from the URL and placed in a text area for you to view. From this page, the token can then be used when making requests to the Advance API.

<textarea id="token"></textarea>
<script type="text/javascript">
     // Display the token in the textarea.
     document.getElementById("token").value = window.location.hash;
</script>