How to get a security token?

The VG Identity Server provides various methods to obtain a security token, granting access to your VG application. Here’s how to get started:

1. Define Platform Authentication:

Before requesting a token, your VG application requires a configured platform authentication. This sets the ground rules for secure communication.

2. Making the Authentication Request:

Once the platform authentication is in place, your application can initiate the token request by sending an HTTPS POST request. This triggers the authentication process on the Identity Server.

Explore the different authentication methods below:

The following table lists the possible HTTP POST variables for the authentication methods.

| Post Variable | Description | Value |
|---|---|---|
| client_id | The platform used to authenticate the user. | The name is <application id>_<Platform mode>, like ADCC6B64-8577-4993-B934-77B9A5BA157B_Native |
| scope | Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. An application can request one or more scopes; this information is then presented to the user in the consent screen, and the access token issued to the application is limited to the scopes granted. The OAuth spec allows the authorization server or user to modify the scopes granted to the application compared to what is requested, although there are not many examples of services doing this in practice. OAuth does not define any particular values for scopes, since they depend heavily on the service’s internal architecture and needs. | openid, profile, VGActivityDate, VGApplications, VGDeveloper, VGIsApproved, VGIslocked, VGPermissions, VGProfile, VGRoles, VGToken, IdentityServerAPI, offline_access |
| client_secret | You need to use one secret of your VGIdentityServerClient. | |
| grant_type | Defines the type of authentication controller. | VGAuthenticator |
| VGAuthenticationModule | Defines the type of authentication. | VGUser, WindowsByCredential, Passwordless |
| Username | Used for the account types Visual-Guard, Windows by credentials, etc. | |
| Password | Used when the account has a password. | |
| AuthenticationRequestId | RequestId of the selected MFA available method (Guid). Once you authenticate with first-factor authentication, the available options are shown in the response. | |
| MFAAvailableId | Id of the selected MFA available method (Guid). Once you authenticate with first-factor authentication, the available options are shown in the response. | |
| MFASecureCode | MFA secure code (OTP) that you might have received for multi-factor authentication. | |

Below are example responses for the authentication procedure.

  1. Success response
  • access_token is your security token
  • expires_in is the duration of the token
  • token_type is always Bearer Token
  • scope defines what this token has access to
  • VGResponse is the response of VGSecurityRuntime
    • AuthenticationState is the status of the authentication
    • AuthorizationState is the state of your current request
    • Error is set if VGSecurityRuntime gets an error
    • VGToken is your internal security token
{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjIxODRFQzQ1MDMzMEM1QURFOTRDQjNBOUY5QjE1NkQwQkE5REE1NTBSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6IklZVHNSUU13eGEzcFRMT3AtYkZXMExxZHBWQSJ9.eyJuYmYiOjE3MDc4MTE1MzIsImV4cCI6MTcwNzgxMzMzMiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiY2xpZW50X2lkIjoiMThkZThjZTctODBlNy00YzY2LWE2NzItNGZmYTNlYjU2ZDU0X05hdGl2ZSIsInN1YiI6Imt1bmFsIiwiYXV0aF90aW1lIjoxNzA3ODExNTMyLCJpZHAiOiJWaXN1YWxHdWFyZCIsInZnSWRlbnRpdHlQcm92aWRlck5hbWUiOiJWaXN1YWxHdWFyZCIsInZnVG9rZW4iOiIxM0E5Qjc2REM0NDQ5QUFGQzI3MkU1RDUxMEY5ODkwQTAwRkYzMjk0NzVFMkZERTlBNzlEQUM4MkFGNDZGRTY2ODE5QTQyQURBMjRGRDJEQjhDREU0OTdDRDFBNzYyQTlEQTc3NjNGNTM3RTAwREYzMTJBQjBCMUJBQzA2MTVFMyIsInZnVXNlcklkIjoia3VuYWwiLCJqdGkiOiIwNjAzMTY3RDRGQkZBN0YwQTVCOTlBNzg2Q0MwMkVCMSIsImlhdCI6MTcwNzgxMTUzMiwic2NvcGUiOlsiSWRlbnRpdHlTZXJ2ZXJBcGkiLCJvcGVuaWQiLCJwcm9maWxlIiwiVkdBY3Rpdml0eURhdGUiLCJWR0FwcGxpY2F0aW9ucyIsIlZHRGV2ZWxvcGVyIiwiVkdJc0FwcHJvdmVkIiwiVkdJc0xvY2tlZCIsIlZHUGVybWlzc2lvbnMiLCJWR1Byb2ZpbGUiLCJWR1JvbGVzIiwiVkdUb2tlbiIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJWaXN1YWxHdWFyZCJdfQ.lRVgFqyK45UATrgtVWekAPk_c0HsMzfxIhOxJ3xa8Y-48LHo3VkZmjdNhPuTjHMiI9dXM5wKn6KuP_uf4ZLgpG8f-bSAd9pQZ7VVTP1wwRzeh_dbmz8j7tXyZSCZQkWd--b44ao_CwFyxoChc-rnuIC-cMQUuzS99ugjeGwi8S64RfjUmHfmp80ajuvjj7DlekUIlFSYdJ9pYjYdjfYOTo11eiNTPZJ-YxLMwFu6zLTIrXiN4XY3K5BIM6gMxMmH8nbXcrwnxdQ8RPSRF8jg4nyYjt_x15mCuAtVb8sMkomAYXX6UG430OKZgjC-o2rwfiICVg30s1qdNd10JJgauA",
    "expires_in": 1800,
    "token_type": "Bearer",
    "refresh_token": "61C074C8435CDE9F83A30E9A5FE937CFB72D57302B43C7B9955D17FA1D59D0CD",
    "scope": "IdentityServerApi offline_access openid profile VGActivityDate VGApplications VGDeveloper VGIsApproved VGIsLocked VGPermissions VGProfile VGRoles VGToken",
    "VGResponse": {
        "RequestId": "b8082385-27fe-46cb-bea4-0878b6b220c3",
        "AuthenticationState": {
            "Status": 2048,
            "IsFailed": false,
            "IsNotApproved": false,
            "IsCanceled": false,
            "IsCredentialInvalid": false,
            "IsUserNotAuthorized": false,
            "IsUserAccountExpired": false,
            "IsUserAccountNotYetAvailable": false,
            "IsUserAccountDisabled": false,
            "IsUserAccountLocked": false,
            "IsLastBadLogin": false,
            "IsLastGraceLogon": false,
            "IsPasswordExpired": false,
            "IsPasswordSecure": true,
            "IsUserAccountLockedOut": false,
            "IsUserAccountWillBeLockedOut": false,
            "MustChangePasswordAtNextLogon": false,
            "IsMFAWaitingUserAction": false,
            "IsMFAAuthenticationRequired": false,
            "IsMFATimeOut": false,
            "HasUserAccountMissingEmail": false,
            "HasUserAccountMissingMobilePhone": false,
            "IsMFAEnrollmentRequired": false
        },
        "AuthorizationState": {
            "Status": 16,
            "IsFailed": false,
            "IsCanceled": false,
            "IsUserNotFound": false,
            "IsUserNotAuthorized": false,
            "IsVersionNotCompatible": false
        },
        "AuthenticationResponse": {
            "RequestId": "b8082385-27fe-46cb-bea4-0878b6b220c3",
            "Identity": {
                "Name": "test",
                "AuthenticationType": "VGUSER",
                "IsAuthenticated": true
            },
            "MFAAvailables": [],
            "Status": 2048,
            "IsFailed": false,
            "IsNotApproved": false,
            "IsCanceled": false,
            "IsCredentialInvalid": false,
            "IsUserNotAuthorized": false,
            "IsUserAccountExpired": false,
            "IsUserAccountNotYetAvailable": false,
            "IsUserAccountDisabled": false,
            "IsUserAccountLocked": false,
            "IsLastBadLogin": false,
            "IsLastGraceLogon": false,
            "IsPasswordExpired": false,
            "IsPasswordSecure": true,
            "IsUserAccountLockedOut": false,
            "IsUserAccountWillBeLockedOut": false,
            "MustChangePasswordAtNextLogon": false,
            "IsMFAWaitingUserAction": false,
            "IsMFAAuthenticationRequired": false,
            "IsMFATimeOut": false,
            "HasUserAccountMissingEmail": false,
            "HasUserAccountMissingMobilePhone": false,
            "IsMFAEnrollmentRequired": false
        },
        "Error": {
            "Message": "",
            "StackTrace": ""
        },
        "AuthorizationStatus": "Success",
        "AuthenticationStatus": "Success",
        "VGToken": "13A9B76DC4449AAFC272E5D510F9890A00FF329475E2FDE9A79DAC82AF46FE66819A42ADA24FD2DB8CDE497CD1A762A9DA7763F537E00DF312AB0B1BAC0615E3"
    }
}

2. Response when MFA authentication is required:

You can get MFAAvailableId and AuthenticationRequestId from the response (the Id and RequestId of the selected entry in MFAAvailables) and create a second request using these parameters.

    Note: see the ‘MultifactorAuthentication’ section in the Postman documentation.

    {
        "error": "invalid_request",
        "error_description": "Failure, MFA_AuthenticationRequired",
        "VGAuthenticationStatus": "Failure, MFA_AuthenticationRequired",
        "AuthenticationMethod": "None",
        "VGResponse": {
            "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
            "AuthenticationState": {
                "Status": 134217729,
                "IsFailed": true,
                "IsNotApproved": false,
                "IsCanceled": false,
                "IsCredentialInvalid": false,
                "IsUserNotAuthorized": false,
                "IsUserAccountExpired": false,
                "IsUserAccountNotYetAvailable": false,
                "IsUserAccountDisabled": false,
                "IsUserAccountLocked": false,
                "IsLastBadLogin": false,
                "IsLastGraceLogon": false,
                "IsPasswordExpired": false,
                "IsPasswordSecure": true,
                "IsUserAccountLockedOut": false,
                "IsUserAccountWillBeLockedOut": false,
                "MustChangePasswordAtNextLogon": false,
                "IsMFAWaitingUserAction": false,
                "IsMFAAuthenticationRequired": true,
                "IsMFATimeOut": false,
                "HasUserAccountMissingEmail": false,
                "HasUserAccountMissingMobilePhone": false,
                "IsMFAEnrollmentRequired": false
            },
            "AuthorizationState": {
                "Status": 1,
                "IsFailed": true,
                "IsCanceled": false,
                "IsUserNotFound": false,
                "IsUserNotAuthorized": false,
                "IsVersionNotCompatible": false
            },
            "AuthenticationResponse": {
                "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
                "Identity": {
                    "Name": "test",
                    "AuthenticationType": "VGUSER",
                    "IsAuthenticated": true
                },
                "MFAAvailables": [
                    {
                        "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
                        "TransportMode": 2,
                        "AuthenticationMode": 1,
                        "DestinationDisplay": "m****************s@g****.com",
                        "AuthenticationModeDisplay": "Link",
                        "TransportModeDisplay": "Email",
                        "Id": "674a1ed0-e987-4cd6-a0d2-01aa12a83231"
                    },
                    {
                        "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
                        "TransportMode": 2,
                        "AuthenticationMode": 2,
                        "DestinationDisplay": "m****************s@g****.com",
                        "AuthenticationModeDisplay": "OTP",
                        "TransportModeDisplay": "Email",
                        "Id": "ff2b9756-bfef-4209-86d3-1c5ca0e0aa23"
                    },
                    {
                        "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
                        "TransportMode": 1,
                        "AuthenticationMode": 2,
                        "DestinationDisplay": "+91*****34003",
                        "AuthenticationModeDisplay": "OTP",
                        "TransportModeDisplay": "SMS",
                        "Id": "881193d7-a65a-4d64-bea6-99fc8db64fbe"
                    }
                ],
                "Status": 134217729,
                "IsFailed": true,
                "IsNotApproved": false,
                "IsCanceled": false,
                "IsCredentialInvalid": false,
                "IsUserNotAuthorized": false,
                "IsUserAccountExpired": false,
                "IsUserAccountNotYetAvailable": false,
                "IsUserAccountDisabled": false,
                "IsUserAccountLocked": false,
                "IsLastBadLogin": false,
                "IsLastGraceLogon": false,
                "IsPasswordExpired": false,
                "IsPasswordSecure": true,
                "IsUserAccountLockedOut": false,
                "IsUserAccountWillBeLockedOut": false,
                "MustChangePasswordAtNextLogon": false,
                "IsMFAWaitingUserAction": false,
                "IsMFAAuthenticationRequired": true,
                "IsMFATimeOut": false,
                "HasUserAccountMissingEmail": false,
                "HasUserAccountMissingMobilePhone": false,
                "IsMFAEnrollmentRequired": false
            },
            "Error": {
                "Message": "",
                "StackTrace": ""
            },
            "AuthorizationStatus": "Failure",
            "AuthenticationStatus": "Failure, MFA_AuthenticationRequired",
            "VGToken": ""
        }
    }
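
The second request described above, as an added example (not code from the Visual Guard documentation): it detects the MFA-required response, selects one of the offered methods, and builds the form fields for the follow-up POST. It assumes the second request repeats the first request's fields and adds the three MFA variables, and that the body is form-encoded; the function names and the RequestId consistency check are illustrative.

```python
import json
from urllib.parse import urlencode

# Constructed sample: the MFA-required response above, trimmed to the fields used.
SAMPLE = json.loads("""
{"error": "invalid_request",
 "VGResponse": {
  "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
  "AuthenticationState": {"IsMFAAuthenticationRequired": true},
  "AuthenticationResponse": {"MFAAvailables": [
   {"RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
    "AuthenticationModeDisplay": "Link", "TransportModeDisplay": "Email",
    "Id": "674a1ed0-e987-4cd6-a0d2-01aa12a83231"},
   {"RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
    "AuthenticationModeDisplay": "OTP", "TransportModeDisplay": "Email",
    "Id": "ff2b9756-bfef-4209-86d3-1c5ca0e0aa23"}]}}}
""")

def needs_mfa(resp):
    """True when the response asks for a second factor."""
    state = resp.get("VGResponse", {}).get("AuthenticationState", {})
    return state.get("IsMFAAuthenticationRequired") is True

def pick_method(resp, mode, transport):
    """Return the offered MFA method matching mode/transport, or raise LookupError."""
    vg = resp["VGResponse"]
    for m in vg["AuthenticationResponse"]["MFAAvailables"]:
        if (m["AuthenticationModeDisplay"], m["TransportModeDisplay"]) == (mode, transport):
            # Defensive check (assumption): the method must belong to this attempt.
            if m["RequestId"] != vg["RequestId"]:
                raise ValueError("MFA method is from a different request")
            return m
    raise LookupError(f"no {mode}/{transport} method offered")

def second_request_form(first_form, resp, otp, mode="OTP", transport="Email"):
    """Form fields for the second POST: first-request fields plus the MFA variables."""
    if not needs_mfa(resp):
        raise ValueError("response does not ask for MFA")
    m = pick_method(resp, mode, transport)
    form = dict(first_form)  # copy, so the caller's dict never gains the OTP
    form.update(AuthenticationRequestId=m["RequestId"], MFAAvailableId=m["Id"],
                MFASecureCode=otp)
    return form

def encode(form):
    """Form-encoded body; send it only over HTTPS and keep it out of logs."""
    return urlencode(form)
```

The form contains the password, client secret and OTP, so treat the encoded body as a credential: do not write it to request logs or crash reports.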