How to use System User Client
The WebAPI client library supports the System User flow. The client makes it very easy to call the online PartnerSystemUserService endpoint, validate the JWT and return the claims it contains.
The JWT contains a lot of information, however, it's usually just the Ticket credential that is interesting. Therefore, SuperOffice.WebApi simplifies calling the service, validating the response, and then returning the ticket in a single method call.
Warning
Do not ask for a System User Ticket every single time you invoke an Agent method! This is a performance penalty. Take advantage of the 6-hour window and only ask for a new Ticket when absolutely necessary!
SystemUserClient
Use the SystemUserClient
class, located in the SuperOffice.WebApi.IdentityModel
namespace.
The constructor accepts a SystemUserInfo
instance and contains all of the information required to submit a request to the partnersystemuserservice.svc endpoint.
SystemUserInfo properties
Property | Description |
---|---|
Environment | The online environment (SOD, Stage, Production. |
ContextIdentifier | The tenant, or customer, identity. |
ClientSecret | The application secret, a.k.a. client_secret. |
PrivateKey | The applications RSAXML private certificate value. |
SystemUserToken | The SystemUser token, issued during app approval. |
Generate and send request
Given the required information, the SystemUserClient
can generate and send a request to the service, then receive and validate the response.
var sysUserClient = new SystemUserClient(systemUserInfo);
var sysUserJwt = await sysUserClient.GetSystemUserJwtAsync();
var sysUserTkt = await sysUserClient.GetSystemUserTicketAsync();
The GetSystemUserJwtAsync only returns the JWT, wrapped in a SystemUserResult
. It does not validate or extract any claims.
The GetSystemUserTicketAsync, validates the returned JWT, populates the SystemUserClient.ClaimsIdentity
property, and returns the SOTicket credential.
JWT validation
GetSystemUserTicketAsync
is what consumers will use 99.9 percent of the time, but if there is a desire to skip the convenience, there are two alternatives for performing JWT validation.
Alternative 1:
Use the ValidateSystemUserResult
method, and get back a TokenValidationResult
.
This method also populates the SystemUserClient.ClaimsIdentity
property. This method is used by GetSystemUserTicketAsync
.
var tokenValidationResult = await sysUserClientValidateSystemUserResultAsync(systemUserResult);
Alternative 2:
Manually perform validation and extract claims, the SystemUserClient
uses the JwtTokenHandler
, located in the SuperOffice.WebApi.IdentityModel
namespace.
var handler = new SystemUserTokenHandler(
new System.Net.Http.HttpClient(), // HttpClient instance.
OnlineEnvironment.SOD // target online environment (SOD, Stage, or Production)
);
var tokenValidationResult = await handler.ValidateAsync(sysUserJwt.Token);
The SystemUserTokenHandler.ValidateAsync
method returns a TokenValidationResult
, a Microsoft datatype located in the Microsoft.IdentityModel.JsonWebTokens namespace, in the Microsoft.IdentityModel.JsonWebTokens
assembly.