This repository contains a sample client application, demonstrating the implementation of two OAuth2 authorization grant flows for FusionFabric.cloud:
- authorization code, mandatory for `B2C` and `B2E` channel type APIs;
- client credentials, mandatory for `B2B` and `SERVICE` channel type APIs.
For more information about the FusionFabric.cloud API offer, see the documentation.
To run this sample you need a recent installation of .NET SDK. To find out more about it, and how to install .NET SDK, follow the .NET Tutorial for your operating system.
- Register an application on FusionCreator, and include the following APIs:
  - Account Information (US) - to work the Authorization Code grant flow.
  - Clock Service - to work the Client Credentials grant flow.
- Clone the current project.
- Copy `appsettings.json` to `appsettings.Development.json`, open it, and enter the appropriate values for the following parameters:
  - `Finastra.Oauth2Configuration.B2B` and `Finastra.Oauth2Configuration.B2C`:
    - `ClientId` - the client ID of the corresponding API channel type.
    - `ClientSecret` - the secret key of the corresponding API channel type.

    You find these values in the application details page of the application that you created at step 1. For more information about how to generate the secrets, see FusionCreator Documentation.
  - `Finastra.Oauth2Configuration.ClientAuthenticationMethod`: enter `client_secret` to enable the standard OAuth2 authorization flow. For more details, see FusionCreator Documentation.
  - The `TokenEndpoint`, `AuthorityEndpoint`, and `Issuer` values are provided by the Discovery service of FusionCreator.
- (Optional) If you want to use private key authentication instead of the standard authentication based on a secret value, follow the steps from the next section, Private Key Configuration, to sign and upload a JSON Web Key to your application, and save the private RSA key in `src/Keys/private.der`. Edit `appsettings.Development.json` as follows:
  - Set `Finastra.Oauth2Configuration.ClientAuthenticationMethod` to `private_key_jwt`.
  - Make sure `JwkKeyId` of either `Finastra.Oauth2Configuration.B2B` or `Finastra.Oauth2Configuration.B2C`, or both, is set to the key ID (`kid`) of the JWK you uploaded to Developer Portal.

  To read more about private key authentication on FusionCreator, see the documentation.
- Open a Command Prompt or a Terminal in this directory and run the following commands:

  ```
  dotnet build
  dotnet run
  ```
- Point your browser to https://localhost:5000. The homepage of the sample application opens. The configuration for the home URL is stored in `Properties/launchSettings.json`.
- (Optional) Click one of the two buttons at the bottom of the cards: Call B2B or Call B2C.
- When you call the B2C API, you are prompted to authenticate with the Authorization Server of FusionFabric.cloud. Use one of the following credentials:

  | User | Password |
  | --- | --- |
  | ffdcuser1 | 123456 |
  | ffdcuser2 | 123456 |

You need to generate a pair of public and private SSL keys, and store the public key in a JWK that you upload to your application on FusionCreator. Follow the steps from the FusionCreator documentation to do so.
In addition, you must store the private key in the DER format, for compatibility with ASP.NET.
Run the following command:

```
openssl rsa -inform PEM -in private.key -outform DER -out private.der
```

NOTES:
- Store your private key away from public storage, like source control.
- If you need stronger security, you can use password-protected, encrypted private and public keys.
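
The following is an added example, not code from this repository, showing what `private_key_jwt` authentication does with the DER key: it signs a short-lived JWT that is sent in the token request in place of `ClientSecret`. The claim set follows RFC 7523 and is an assumption about what FusionFabric.cloud expects; the class name, `example-kid`, `example-client-id` and the `.invalid` endpoint are constructed placeholders.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class ClientAssertionExample // hypothetical name, not a class from this repository
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // private.der may hold PKCS#8 or PKCS#1 depending on the OpenSSL version; accept both.
    static RSA LoadKey(string derPath)
    {
        RSA rsa = RSA.Create();
        byte[] der = File.ReadAllBytes(derPath);
        try { rsa.ImportPkcs8PrivateKey(der, out _); }
        catch (CryptographicException) { rsa.ImportRSAPrivateKey(der, out _); }
        return rsa;
    }

    // RS256-signed JWT carrying the RFC 7523 client authentication claims (assumed claim set).
    static string Create(RSA key, string kid, string clientId, string tokenEndpoint)
    {
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        string header = JsonSerializer.Serialize(new { alg = "RS256", typ = "JWT", kid });
        string claims = JsonSerializer.Serialize(new
        {
            iss = clientId, sub = clientId, aud = tokenEndpoint,
            jti = Guid.NewGuid().ToString("N"), // unique per request, lets the server reject a replayed assertion
            iat = now, exp = now + 60           // short lifetime limits the value of a captured assertion
        });
        string input = B64Url(Encoding.UTF8.GetBytes(header)) + "." + B64Url(Encoding.UTF8.GetBytes(claims));
        byte[] sig = key.SignData(Encoding.ASCII.GetBytes(input), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return input + "." + B64Url(sig);
    }

    static void Main(string[] args)
    {
        // Pass the path to private.der as the first argument; without it a throwaway key is generated.
        using RSA key = args.Length > 0 ? LoadKey(args[0]) : RSA.Create(2048);
        // Constructed placeholder values, not real FusionFabric.cloud identifiers.
        string jwt = Create(key, "example-kid", "example-client-id", "https://login.example.invalid/oauth2/token");
        Console.WriteLine("client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        Console.WriteLine("client_assertion=" + jwt);
    }
}
```

The private key never leaves the client: only the signed assertion is transmitted, and the authorization server checks it against the public JWK identified by `kid`.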
This sample client application is released under the MIT License. See LICENSE for details.