Access Token

Overview

When using an OpenID Connect (OIDC) authentication method with WorkflowGen, an OAuth 2.0 access token is available for server-side .NET development. This token enables you to make requests to the GraphQL API as well as to your own APIs, depending on your provider's configuration.

For instructions on how to configure an OIDC provider with WorkflowGen, see the WorkflowGen for Azure guide for Microsoft Entra ID (formerly Azure Active Directory) or the WorkflowGen Technical Guide for Active Directory Federation Services (AD FS), Auth0, and Okta.

Using an access token in web form code-behind

You can get the current user's access token from the new this.CurrentUserAccessToken() public instance method of the WorkflowPage class (available since WorkflowGen.My version 4.6.0) in order to make calls from the code-behind to WorkflowGen's GraphQL API or to your own APIs. To do this, follow the example code below:

protected void Page_Load(object sender, EventArgs e)
{
    base.Page_Load(sender, e);
    
    var accessToken = this.CurrentUserAccessToken();
    
    var query = @"
query {
  viewer {
    firstName
    lastName
    userName
  }
}
";

    using (var client = new System.Net.Http.HttpClient
    {
        BaseAddress = new System.Uri("http://localhost/wfgen/graphql")
    })
    {
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(
            new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json")
        );
        client.DefaultRequestHeaders.Authorization =
            new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);

        var jsonQuery = Newtonsoft.Json.JsonConvert.SerializeObject(new
        {
            query = query,
            operationName = "",
            variables = new {}
        });
        var response = client.PostAsync(string.Empty, new System.Net.Http.StringContent(jsonQuery, System.Text.Encoding.UTF8, "application/json")).Result;

        response.EnsureSuccessStatusCode();

        // Display the result in a web form field for debug purposes
        REQUEST_DESCRIPTION.Text = response.Content.ReadAsStringAsync().Result;
    }
}

There are settings that need to be added to the WebForms web.config file in order for this example to work. You must add the reference to the System.Net.Http namespace and deactivate unobtrusive validation mode. Here is a minimal web.config content that you can use:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <appSettings>
        <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
    </appSettings>
    <system.web>
        <compilation debug="false" targetFramework="4.6.1">
            <assemblies>
                <add assembly="System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
            </assemblies>
        </compilation>
        <httpRuntime targetFramework="4.6.1" />
    </system.web>
</configuration>