Implicit Flow Authorization Example

This example provides code for getting an access token using the Implicit Flow.

Prerequisites

Create a new API client – you must have an existing API client that uses the Implicit flow

Code Example (C#)

This example differs from the FormPost example in the following ways:

The HandleToken endpoint accepts GET requests
The HandleToken endpoint returns a view; the URL of this view contains the access token as a URL fragment, denoted by a hash (#) character
The token is retrieved from the page URL by JavaScript

The example below is for a ASP.NET web application project, connecting to an on-premise instance of HotDocs Advance.

Controller

The AuthController controller file. The returnUrl value must match the return URL for the specified client (the client's return URL is set when creating your API client).

using System.Web.Mvc;

namespace HotDocsAdvanceApiExamples.Controllers
{
    public class AuthController : Controller
    {
        public ActionResult Implicit()
        {
            // The name of client making the request, created through the Advance Client Management application
            var clientName = "ab3e4544-b595-4681-b0ea-c7c18c9b63f6";
            // The endpoint for retrieving the access token
            var requestUrl = "https://yourtenancy.yourorganization.com/HdaAuth/Authorize/LogIn";

            // The endpoint (HandleToken, below) in your application to which the token is returned
            var returnUrl = "https://yourorganization.com/YourApplication/Auth/HandleToken";
            // The type of response, containing the access token, returned from Advance
            var responseMode = "Fragment";
            // The completed request URL, using the values specified above. You then redirect to the Advance login page
            var url = string.Format("{0}?clientName={1}&returnUrl={2}&responseMode={3}", requestUrl, clientName, returnUrl, responseMode);
            return Redirect(url);
        }
        [HttpGet]
        public ActionResult HandleToken()
        {            
            return View();
        }
    }
}

View

The HandleToken view. In this example, the token is retrieved from the URL and placed in a text area for you to view. From this page, the token can then be used when making requests to the Advance API.

<textarea id="token"></textarea>

<script type="text/javascript">
     // Display the token in the textarea.
     document.getElementById("token").value = window.location.hash;
</script>