FortnoxAuth
This authorization workflow is more complex, but it is more secure and is commonly used for all types of integrations on the web. Please read the basics about OAuth2 here.
Since this authorization workflow requires web app and browser interaction, it cannot be fully supported by the SDK. However, the SDK provides helper methods to hide the protocol details.
To access these helper methods, simply create an instance of the FortnoxAuthClient class.
var fortnoxAuthClient = new FortnoxAuthClient();
var authWorkflow = fortnoxAuthClient.StandardAuthWorkflow;
- Build the activation URL. This will create the URL which the end-user should be redirected to in order to initialize the OAuth workflow.
var authUri = authWorkflow.BuildAuthUri(clientId, scopes, state, redirectUri);
- Exchange authorization-code for access-token and refresh-token
var tokenInfo = await authWorkflow.GetTokenAsync(authorizationCode, clientId, clientSecret, redirectUri);
var accessToken = tokenInfo.AccessToken;
var refreshToken = tokenInfo.RefreshToken;
- Exchange refresh-token for new access-token and refresh-token
var tokenInfo = await authWorkflow.RefreshTokenAsync(refreshToken, clientId, clientSecret);
var accessToken = tokenInfo.AccessToken;
var refreshToken = tokenInfo.RefreshToken;
The access token retrieved this way is in JWT format. It can be decoded to retrieve some metadata, for instance its expiration date.
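Reading the expiration date from the JWT access token described above, as an added example that is not part of the SDK or of this wiki. `AccessTokenInfo` and its methods are hypothetical names, the sample token is constructed, and the payload is decoded without verifying the signature, so the result is suitable only for deciding when to call `RefreshTokenAsync`.

```csharp
using System;
using System.Text;
using System.Text.Json;

// Hypothetical helper (not part of the SDK): reads the "exp" claim of a JWT.
// The signature is NOT verified, so use the result only to schedule a refresh
// of a token received directly from the token endpoint, never for trust decisions.
public static class AccessTokenInfo
{
    public static DateTimeOffset? GetExpiry(string jwt)
    {
        var parts = jwt?.Split('.');
        if (parts == null || parts.Length != 3) return null; // not header.payload.signature
        try
        {
            // The payload is base64url without padding: restore alphabet and padding.
            var b64 = parts[1].Replace('-', '+').Replace('_', '/');
            b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
            var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
            using var doc = JsonDocument.Parse(json);
            // "exp" is a NumericDate: seconds since the Unix epoch.
            if (doc.RootElement.ValueKind == JsonValueKind.Object
                && doc.RootElement.TryGetProperty("exp", out var exp)
                && exp.ValueKind == JsonValueKind.Number
                && exp.TryGetInt64(out var seconds))
                return DateTimeOffset.FromUnixTimeSeconds(seconds);
            return null;
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is ArgumentOutOfRangeException)
        {
            return null; // malformed token: the caller treats it as expired
        }
    }

    // Fail closed: a token whose expiry cannot be read is treated as due for refresh.
    public static bool NeedsRefresh(string jwt, TimeSpan margin, DateTimeOffset now) =>
        !(GetExpiry(jwt) is DateTimeOffset expiry) || expiry <= now + margin;

    public static void Main()
    {
        // Constructed sample token; the third segment is a dummy, not a real signature.
        static string Seg(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var token = Seg("{\"alg\":\"RS256\"}") + "." + Seg("{\"exp\":1893456000}") + ".sig";
        Console.WriteLine(GetExpiry(token));
        Console.WriteLine(NeedsRefresh(token, TimeSpan.FromMinutes(5), DateTimeOffset.UtcNow));
        Console.WriteLine(NeedsRefresh("not-a-jwt", TimeSpan.FromMinutes(5), DateTimeOffset.UtcNow));
    }
}
```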
You first need to obtain the API-code (authorization code) by enabling your app (integration) in the end-user Fortnox portal. The API-code can then be easily exchanged for the non-expiring access token.
The exchange can be done easily by using the FortnoxAuthClient class.
var fortnoxAuthClient = new FortnoxAuthClient();
var authWorkflow = fortnoxAuthClient.StaticTokenAuthWorkflow;
var accessToken = await authWorkflow.GetTokenAsync(authorizationCode, clientSecret);
Both the API-code and the access token obtained this way have GUID format, e.g. e9e0d701-ef0b-4f3d-b8a5-21294de94c57.
Important: this access token never expires.
You can inject your own HttpClient into FortnoxAuthClient through the constructor or a property. By doing this, you can handle the low-level connection settings or inject a connection mock.
var customHttpClient = new HttpClient()
{
    Timeout = TimeSpan.FromSeconds(10)
    // Other HTTP client configuration...
};
var fortnoxAuthClient = new FortnoxAuthClient(authorization, customHttpClient);