Authentication: Resource owner password flow
Håkon André Knudsen edited this page Sep 25, 2019 · 2 revisions
Because the resource owner's password is exposed to the application, this flow should be used sparingly. It is recommended only for first-party "official" applications released by JHC. If this flow is used to access a customer's resources (CNT), it is also acceptable for third-party applications to use it.
In this flow the client itself asks the user for their username and password. The application then makes either a client-side or a server-side request to the RamBase authorization server. If the username and password are correct, you get back an access token.
```csharp
try
{
    await rbApi.LoginAsync(username, password);
}
catch (OtpRequiredException)
{
    // If a one-time password is required, the user will receive it via email or text message.
    // We sign in again with the provided username, password and the one-time password.
    // Place your logic for fetching the OTP here; it must assign the otp variable used below.
    await rbApi.LoginWithOtpAsync(username, password, otp);
}
catch (TargetRequiredException ex)
{
    // If the user has access to more than one target system, we need to send in the target
    // that we want to sign in to. The exception contains a list of available targets in ex.Targets.
    // Place your logic for selecting the target system here; it must assign the target variable used below.
    await rbApi.LoginWithTargetAsync(username, password, target);
}
catch (LoginException)
{
    // We end up here if login fails, for example due to bad credentials.
    // Rethrow with "throw;" so the original stack trace is preserved.
    throw;
}
```