Invoking an Identity Service
You can use the following methods for an identity service.
- Login with provider type as Basic
- Login with provider type as OAuth/SAML
- Login with provider type as OAuth 2.0 in the same browser window
- Get Backend Token
- User Profile
- Get Provider Name
- Get Provider Type
- Logout
Login with provider type as Basic
// Sample code to authenticate to Quantum Fabric Client
var authClient = null;
var providerName = < your - provider - name > ;
var username = < uername - for -your - provider > ;
var password = < password - for -your - provider > ;
try {
authClient = client.getIdentityService(providerName);
} catch (exception) {
console.log("Exception" + exception.message);
}
authClient.login({
"userid": username,
"password": password
}, function(response) {
console.log("Login success" + JSON.stringify(response));
}, function(error) {
console.log("Login failure" + JSON.stringify(error));
});
NOTE: The client is the kony.sdk(); object.
IMPORTANT: When you select Quantum User Repository as the identity type, the system does not allow you to provide an identity name.
To use Quantum User Repository as authentication service, ensure that the value for providerName
is set as userstore
. If you set it with any other value (for example, Quantum User Repository, User Store or Cloud Repository), the system throws an error.
Login with provider type as OAuth/SAML
NOTE: For Fabric version V9 ServicePack 3 (or later), the JS SDK supports rfc7636 for OAuth providers that use PKCE in the Authorization Code grant flow. For more information, refer to PKCE Support in Fabric.
// Sample code to authenticate to Quantum Fabric Client
var authClient = null;
var providerName = < your - provider - name > ;
try {
authClient = client.getIdentityService(providerName);
} catch (exception) {
console.log("Exception" + exception.message);
}
authClient.login({},
function(response) {
console.log("Login success" + JSON.stringify(response));
}, function(error) {
console.log("Login failure" + JSON.stringify(error));
}
);
NOTE: The client is the kony.sdk(); object.
Login with provider type as OAuth 2.0 in the same browser window
-
For Fabric version V9 ServicePack 3 (or later), the JS SDK supports rfc7636 for OAuth providers that use PKCE in the Authorization Code grant flow. For more information, refer to PKCE Support in Fabric.
-
Login in the same browser window is supported for Fabric versions V9 ServicePack 3 or later.
In the earlier section (Login with provider type as OAuth/SAML), the login page of an OAuth Identity provider opens in a new window (or a new tab) on the browser. However, login in the same browser window can be enabled by using the noPopup
option in the loginOptions
.
The Fabric SDK object and the client app state are reinitialized when the browser redirects to the web app from the OAuth Login page in the same window. To avoid losing the app state and data, make sure that you store the client app data (if any) in a secure storage before invoking the Login API.
You can store the data before invoking the Login API, or by using the customDataSaveHandle
option in the loginOptions
. For more information, refer to the following code example.
In the following code snippet:
- Passing the
success_url
parameter is optional. If the value is empty,success_url
is set to the domain and path of the current window. - The
customDataSaveHandle
function is invoked before redirecting to the login page in the same window. By using the function, you can store necessary data to a local storage, and then make any required network calls.
After the specified tasks are completed, invoke thecontinueLogin
function to continue the login process. If any errors occur, invoke theabortLogin
function to abort the login process.
// Sample code to enable login in the same browser window var sdkObject = kony.sdk.getDefaultInstance(); var identityServiceObject = sdkObject.getIdentityService("<providerName>"); var options = {}; options["loginOptions"] = {}; options["loginOptions"]["noPopup"] = true; options["loginOptions"]["customQueryParamsForOAuth"] = {"success_url": "<app-url>"}; /* For example -> "https://example.com/apps/appName/" */ options["loginOptions "]["customDataSaveHandle"] = function(continueLogin, abortLogin) { var data = getData(); storeDataInLocalStorage(data); setLoginStateInServer(data, networkResponse); function networkResponse(response) { if(response.isSuccess) { continueLogin(); } else { abortLogin(); } } } function successCallback(res) { alert("Login Successful"); }; function failureCallback(err) { alert("Login failed due to: " + JSON.stringify(err)); } identityServiceObject.login(options, successCallback, failureCallback);
Use the JavaScript onload
event (or a similar event based on your web app) to complete the login process. Provide the appropriate success and failure callbacks to the kony.sdk.performNoPopUpLogin
API. The callbacks can be the same callbacks that are provided in the login API. For more information, refer to the following code example.
window.onload=function () { function loginSuccessCallback(response) { alert("Login successful."); //retrieve data stored in localstore. } function loginFailureCallback(response) { alert("Login failed due to : " + JSON.stringify(response)); } kony.sdk.performNoPopUpLogin(loginSuccessCallback, loginFailureCallback); }
Error Codes and Error Messages
Error Code | Error Message |
109 | Unable to store app verifier at middleware server. |
110 | Unable to retrieve app verifier from middleware server. |
111 | CustomDataSaveHandle should be function and should accept successCallback and failureCallback. |
112 | CustomDataSaveHandle failed by user. |
113 | The application was launched with code query param but is not a continued login process. |
114 | Login Failed. PKCE parameters are missing, please check if CORS setting is properly configured in Fabric Identity. |
116 | Appconfig is null or undefined. |
117 | No metadata was found to continue with single window login. |
118 | No Auth Code found in the Url. |
Get Backend Token
// Sample code to get backend token for provider var userid = < username_for_logged_in_provider > ; var password = < password_for_logged_in_provider > ; var forceFromServer = true / false; authClient.getBackendToken(forceFromServer, { "userid": userid, "password": password }, function(response) { console.log("Backend token is :" + JSON.stringify(response)); }, function(error) { console.log("Failed to get backend token : " + JSON.stringify(error)); });
NOTE: If forceFromServer is true, then the SDK fetches the token from the server. If forceFromServer is false, then the SDK gives you the token present in localStorage. Please note that only few backend providers such as Salesforce support refresh. If a backend provider does not support refresh, passing forceRefreshFromServer=true
would result in empty response from this API.
NOTE: The authClient is the IdentityService object.
User Profile
// Sample code to get user profile details var forceFromServer = true / false; authClient.getProfile(forceFromServer, function(response) { console.log("User profile is :" + JSON.stringify(response)); }, function(error) { console.log("Failed to fetch profile : " + JSON.stringify(error)); } );
NOTE: If forceFromServer is true, then the SDK fetches the token from the server. If forceFromServer is false, then the SDK gives you the token present in localStorage.
NOTE: The authClient is the IdentityService object.
Get Provider Name
// Sample code to get provider name Var providerName = authClient.getProviderName();
NOTE: The authClient is the IdentityService object.
Get Provider Type
// Sample code to get provider type Var providerType = authClient.getProviderType();
NOTE: The authClient is the IdentityService object.
Logout
//Sample code to logout from auth service var serviceName = "identity_service_name"; //Get an instance of the SDK var client = kony.sdk.getCurrentInstance(); var identitySvc = client.getIdentityService(serviceName); var options = {}; //Configure logout options options["logoutOptions"]["customOAuthParams"] = { "key2":"value2", "key3":"value3" }; //Invoke the logout API identitySvc.logout(function(response) { kony.print("Logout success: " + JSON.stringify(response)); }, function(error) { kony.print("Logout failure: " + JSON.stringify(error)); }, options);
NOTE: The authClient is the IdentityService object for the loggedIn provider.