Access Token


When using an OpenID Connect (OIDC) authentication method with WorkflowGen, an OAuth 2.0 access token is available for server-side .NET development. This token enables you to make requests to the GraphQL API as well as to your own APIs, depending on your provider's configuration.

For instructions on how to configure an OIDC provider with WorkflowGen, see the WorkflowGen for Azure for Azure Active Directory or the WorkflowGen Technical Guide for Active Directory Federation Services (AD FS), Auth0, and Okta.

Using an access token in web form code-behind

You can get the current user's access token from the new this.CurrentUserAccessToken() public instance method of the WorkflowPage class (available since WorkflowGen.My version 4.6.0) in order to make calls from the code-behind to WorkflowGen's GraphQL API or to your own APIs. To do this, follow the example code below:

protected void Page_Load(object sender, EventArgs e)
base.Page_Load(sender, e);
var accessToken = this.CurrentUserAccessToken();
var query = @"
query {
viewer {
using (var client = new System.Net.Http.HttpClient
BaseAddress = new System.Uri("http://localhost/wfgen/graphql")
new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json")
client.DefaultRequestHeaders.Authorization =
new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
var jsonQuery = Newtonsoft.Json.JsonConvert.SerializeObject(new
query = query,
operationName = "",
variables = new {}
var response = client.PostAsync(string.Empty, new System.Net.Http.StringContent(jsonQuery, System.Text.Encoding.UTF8, "application/json")).Result;
// Display the result in a web form field for debug purposes
REQUEST_DESCRIPTION.Text = response.Content.ReadAsStringAsync().Result;

There are settings that need to be added to the WebForms web.config file in order for this example to work. You must add the reference to the System.Net.Http namespace and deactivate unobtrusive validation mode. Here is a minimal web.config content that you can use:

<?xml version="1.0" encoding="UTF-8"?>
<add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
<compilation debug="false" targetFramework="4.6.1">
<add assembly="System.Net.Http, Version=, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<httpRuntime targetFramework="4.6.1" />