Genesys Cloud - Developer Community!

 View Only

Sign Up

  • 1.  How can we convert a C# Fat Client's Login method from Implicit Grant to PKCE?

    Posted 18 days ago

    Hi,

    We have written a .NET fat client application (with UI) which access the Genesys Cloud using the Implicit Grant OAuth method.

    As this "Implicit Grant" is deprecated, we want to convert the app to use the PKCE OAuth flow. The documentation in the .NET SDK, however, is not really clear to me - is there a working example code for .NET which shows us how to use the PKCE OAuth method?

    Thanks in advance,

    Wolfgang Liebich


    #PlatformSDK

    ------------------------------
    Wolfgang Liebich
    ------------------------------


  • 2.  RE: How can we convert a C# Fat Client's Login method from Implicit Grant to PKCE?

    Posted 18 days ago
    Hello,

    With PKCE, the OAuth flow will be a two-step process.
    There are some "helpers" methods available in the Platform API SDK for .Net - See the PKCE Grant section in README

    I assume that currently, with Implicit Grant, you are opening the following url: "https://login.{Environment}/oauth/authorize?client_id={ClientId}&redirect_uri={RedirectUri}&response_type=token" (where Environment=mypurecloud.com or mypurecloud.ie or ...).
    You may also be adding some of the optional OAuth parameters:
    • "&org={Org}&provider={Provider}"
    • "&state={State}"
    • "&prompt=login"
    When you get the redirect, you are checking if "error" appears as hash parameter or as query parameter (which means the OAuth was unsuccesful), or if "access_token" appears as hash parameter (that you can then retrieve and use for your next Platform API requests).

    With PKCE, as written above, it is a two-step process - similar to the OAuth Authorization Code flow.

    You will first need to generate a Code Verifier and compute its Code Challenge.
    There are some helpers in the SDK:
    codeVerifier = Configuration.Default.ApiClient.GeneratePKCECodeVerifier(128);
    codeChallenge = Configuration.Default.ApiClient.ComputePKCECodeChallenge(codeVerifier);

    Then open the /oauth/authorize url (like for Implicit Grant), but with the following parameters (passing the code challenge value): "https://login.{Environment}/oauth/authorize?client_id={ClientId}&redirect_uri={RedirectUri}&response_type=code&code_challenge={HttpUtility.UrlEncode(codeChallenge)}&code_challenge_method=S256"
    You may also be adding some of the optional OAuth parameters:
    • "&org={Org}&provider={Provider}"
    • "&state={State}"
    • "&prompt=login"
    When you get the redirect, you can if "error" appears as hash parameter or as query parameter (which means the OAuth was unsuccessful), or if "code" appears as query parameter.
    Once you have retrieved the code, you can then request the access token (/oauth/token endpoint). You need the retrieved code, the code verifier and the clientId (no need for client secret). You can use the existing PostTokenPKCE method from the SDK:
    var accessTokenInfo = Configuration.Default.ApiClient.PostTokenPKCE(clientId, redirectUri, codeVerifier, authCode);
    Console.WriteLine("Access token=" + accessTokenInfo.AccessToken);

    Hope this clarifies.

    Regards,


    ------------------------------
    Jerome Saint-Marc
    Senior Development Support Engineer
    ------------------------------

    Original Message


  • 3.  RE: How can we convert a C# Fat Client's Login method from Implicit Grant to PKCE?

    Posted 17 days ago

    Hello,

    thank you, this helps me to get started with the problem.

    Yes - it clarified things, thank you for your lucid explanation.

    Regards,

    Wolfgang Liebich



    ------------------------------
    Wolfgang Liebich
    ------------------------------

    Original Message


Related Content