Authentication: Resource owner password flow

Håkon André Knudsen edited this page Sep 25, 2019 · 2 revisions

Because the resource owner’s password is exposed to the application, this flow should be used sparingly. It is recommended only for first-party “official” applications released by JHC. If this flow is used to access a customer’s resources (CNT), it is also OK to use it for third-party applications.

In this flow the client itself asks the user for their username and password. The application then makes either a client-side or server-side request to the RamBase authorization server. If the username and password are correct, you will get back an access token.

```csharp
try
{
    await rbApi.LoginAsync(username, password);
}
catch (OtpRequiredException)
{
    // If a one-time password is required, the user will receive it via email or text message.
    // We sign in again with the provided username, password and the one-time password.
    // You should place your logic for fetching the OTP (the otp variable) here.
    await rbApi.LoginWithOtpAsync(username, password, otp);
}
catch (TargetRequiredException ex)
{
    // If the user has access to more than one target system, we need to send in the target that
    // we want to sign in to. The exception contains a list of available targets in ex.Targets.
    // You should place your logic for selecting the target system (the target variable) here.
    await rbApi.LoginWithTargetAsync(username, password, target);
}
catch (LoginException)
{
    // We will end up here if login fails, for example due to bad credentials.
    // Rethrow with "throw;" so the original stack trace is preserved.
    throw;
}
```
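The request described above ("makes ... a request to the RamBase authorization server"), shown as the standard OAuth 2.0 password-grant token request from RFC 6749 section 4.3. This is an added example, not code from the RamBase API library or the original page. The `PasswordGrantExample` class, the token endpoint and the client id are placeholders, and it is an assumption that the authorization server accepts exactly these standard fields.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

// Hypothetical helper for illustration; not part of the RamBase API library.
public static class PasswordGrantExample
{
    // RFC 6749 section 4.3.2 form fields. Credentials go in the POST body only,
    // never in the URL, so they stay out of proxy and server access logs.
    public static Dictionary<string, string> BuildForm(string clientId, string username, string password) =>
        new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["username"] = username,
            ["password"] = password,
            ["client_id"] = clientId, // assumption: a public client identified by client_id
        };

    // tokenEndpoint is a placeholder supplied by the caller; the page does not state the real URL.
    public static async Task<string> RequestTokenAsync(
        HttpClient http, Uri tokenEndpoint, string clientId, string username, string password)
    {
        // The password travels in the request body, so refuse anything but TLS.
        if (tokenEndpoint.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Token endpoint must use HTTPS.");

        using var content = new FormUrlEncodedContent(BuildForm(clientId, username, password));
        using var response = await http.PostAsync(tokenEndpoint, content);
        var body = await response.Content.ReadAsStringAsync();
        using var json = JsonDocument.Parse(body);
        var root = json.RootElement;

        if (!response.IsSuccessStatusCode)
        {
            // RFC 6749 section 5.2: bad credentials are reported as error=invalid_grant.
            // Surface only the error code; never log or echo the submitted password.
            var error = root.TryGetProperty("error", out var e) ? e.GetString() : "unknown_error";
            throw new InvalidOperationException($"Token request failed: {error}");
        }

        // RFC 6749 section 5.1: a successful response carries access_token.
        return root.GetProperty("access_token").GetString();
    }
}
```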