Invoking an Identity Service

You can use the following methods for an identity service.

• Login with provider type as Basic
• Login with provider type as OAuth/SAML
• Login with provider type as OAuth 2.0 in the same browser window
• Get Backend Token
• User Profile
• Get Provider Name
• Get Provider Type
• Logout

Login with provider type as Basic

 // Sample code to authenticate to Quantum Fabric Client

var authClient = null;
var providerName = < your - provider - name > ;
var username = < uername - for -your - provider > ;
var password = < password - for -your - provider > ;
try {
    authClient = client.getIdentityService(providerName);
} catch (exception) {
    console.log("Exception" + exception.message);
}
authClient.login({
    "userid": username,
    "password": password
}, function(response) {
    console.log("Login success" + JSON.stringify(response));
}, function(error) {
    console.log("Login failure" + JSON.stringify(error));
});

NOTE: The client is the kony.sdk(); object.

IMPORTANT: When you select Quantum User Repository as the identity type, the system does not allow you to provide an identity name.

To use Quantum User Repository as authentication service, ensure that the value for providerName is set as userstore. If you set it with any other value (for example, Quantum User Repository, User Store or Cloud Repository), the system throws an error.

Login with provider type as OAuth/SAML

NOTE: For Fabric version V9 ServicePack 3 (or later), the JS SDK supports rfc7636 for OAuth providers that use PKCE in the Authorization Code grant flow. For more information, refer to PKCE Support in Fabric.

 // Sample code to authenticate to Quantum Fabric Client
var authClient = null;
var providerName = < your - provider - name > ;
try {
    authClient = client.getIdentityService(providerName);
} catch (exception) {
    console.log("Exception" + exception.message);
}
authClient.login({},
    function(response) {
        console.log("Login success" + JSON.stringify(response));
    }, function(error) {
        console.log("Login failure" + JSON.stringify(error));
    }
);

NOTE: The client is the kony.sdk(); object.

Login with provider type as OAuth 2.0 in the same browser window

In the earlier section (Login with provider type as OAuth/SAML), the login page of an OAuth Identity provider opens in a new window (or a new tab) on the browser. However, login in the same browser window can be enabled by using the noPopup option in the loginOptions.

The Fabric SDK object and the client app state are reinitialized when the browser redirects to the web app from the OAuth Login page in the same window. To avoid losing the app state and data, make sure that you store the client app data (if any) in a secure storage before invoking the Login API.

You can store the data before invoking the Login API, or by using the customDataSaveHandle option in the loginOptions. For more information, refer to the following code example.

 

// Sample code to enable login in the same browser window

var sdkObject = kony.sdk.getDefaultInstance();
var identityServiceObject = sdkObject.getIdentityService("<providerName>");
var options = {};
options["loginOptions"] = {}; 

options["loginOptions"]["noPopup"] = true; 

options["loginOptions"]["customQueryParamsForOAuth"] = {"success_url": "<app-url>"};
/* For example -> "https://example.com/apps/appName/" */

options["loginOptions "]["customDataSaveHandle"] = function(continueLogin, abortLogin)
{
var data = getData();
storeDataInLocalStorage(data);
setLoginStateInServer(data, networkResponse);

function networkResponse(response)
{
	if(response.isSuccess)
	{
	continueLogin();
	}
	else
	{
	abortLogin();
	}
}
}

function successCallback(res)
{
   alert("Login Successful");
};

function failureCallback(err)
{
   alert("Login failed due to: " + JSON.stringify(err));
}

identityServiceObject.login(options, successCallback, failureCallback);

 

Use the JavaScript onload event (or a similar event based on your web app) to complete the login process. Provide the appropriate success and failure callbacks to the kony.sdk.performNoPopUpLogin API. The callbacks can be the same callbacks that are provided in the login API. For more information, refer to the following code example.

window.onload=function ()
{
function loginSuccessCallback(response)
{
	alert("Login successful.");
	//retrieve data stored in localstore. 
}

function loginFailureCallback(response)
{
	alert("Login failed due to : " + JSON.stringify(response));
}

kony.sdk.performNoPopUpLogin(loginSuccessCallback, loginFailureCallback);
}

Error Codes and Error Messages

Error Code	Error Message
109	Unable to store app verifier at middleware server.
110	Unable to retrieve app verifier from middleware server.
111	CustomDataSaveHandle should be function and should accept successCallback and failureCallback.
112	CustomDataSaveHandle failed by user.
113	The application was launched with code query param but is not a continued login process.
114	Login Failed. PKCE parameters are missing, please check if CORS setting is properly configured in Fabric Identity.
116	Appconfig is null or undefined.
117	No metadata was found to continue with single window login.
118	No Auth Code found in the Url.

 

Get Backend Token

// Sample code to get backend token for provider
var userid = < username_for_logged_in_provider > ;
var password = < password_for_logged_in_provider > ;
var forceFromServer = true / false;
authClient.getBackendToken(forceFromServer, {
    "userid": userid,
    "password": password  
}, function(response) {
    console.log("Backend token is  :" + JSON.stringify(response));  
}, function(error) {    
    console.log("Failed to get backend token : " + JSON.stringify(error));
});

NOTE: If forceFromServer is true, then the SDK fetches the token from the server. If forceFromServer is false, then the SDK gives you the token present in localStorage. Please note that only few backend providers such as Salesforce support refresh. If a backend provider does not support refresh, passing forceRefreshFromServer=true would result in empty response from this API.

NOTE: The authClient is the IdentityService object.

User Profile

 // Sample code to get user profile details
var forceFromServer = true / false;
authClient.getProfile(forceFromServer,
    function(response) {
        console.log("User profile is  :" + JSON.stringify(response));
    }, function(error) {
        console.log("Failed to fetch profile : " + JSON.stringify(error));
    }
);

NOTE: If forceFromServer is true, then the SDK fetches the token from the server. If forceFromServer is false, then the SDK gives you the token present in localStorage.

NOTE: The authClient is the IdentityService object.

Get Provider Name

 // Sample code to get provider name
Var providerName = authClient.getProviderName();

NOTE: The authClient is the IdentityService object.

Get Provider Type

 // Sample code to get provider type
Var providerType = authClient.getProviderType();

NOTE: The authClient is the IdentityService object.

Logout

//Sample code to logout from auth service

var serviceName = "identity_service_name";

//Get an instance of the SDK
var client = kony.sdk.getCurrentInstance();
var identitySvc = client.getIdentityService(serviceName);
var options = {};

//Configure logout options
options["logoutOptions"]["customOAuthParams"] =
{
	"key2":"value2",
	"key3":"value3"
};

//Invoke the logout API
identitySvc.logout(function(response)
{
	kony.print("Logout success: " + JSON.stringify(response));
}, function(error)
{
	kony.print("Logout failure: " + JSON.stringify(error));
}, options);

NOTE: The authClient is the IdentityService object for the loggedIn provider.