How to get a security token ?

Estimated reading: 6 minutes 1664 views

The VG Identity Server provides various methods to obtain a security token, granting access to your VG application. Here’s how to get started:

1. Define Platform Authentication:

Before requesting a token, your VG application requires a configured platform authentication. This sets the ground rules for secure communication.

2. Making the Authentication Request:

Once the platform authentication is in place, your application can initiate the token request by sending an HTTPS POST request. This triggers the authentication process on the Identity Server.

Explore the different authentication methods below:

Authenticate with VG User

Authenticate with Windows by Credentials

Authenticate with Database

Authenticate with PasswordLess

MFA Authentication

Following section contains list of possible http post variables for authentication methods

Post Variable	Description	Value
client_id	What Platform is used to authenticate the user The name is <application id>_<Platform mode> Like ADCC6B64-8577-4993-B934-77B9A5BA157B_Native
scope	Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted. The OAuth spec allows the authorization server or user to modify the scopes granted to the application compared to what is requested, although there are not many examples of services doing this in practice. OAuth does not define any particular values for scopes, since it is highly dependent on the service’s internal architecture and needs.	openid profile VGActivityDate VGApplications VGDeveloper VGIsApproved VGIslocked VGPermissions VGProfile VGRoles VGToken IdentityServerAPI offline_access
client_secret	You need to use one secret of your VGIdentityServerClient
grant_type	Define the type of authentification controller	VGAuthenticator
VGAuthenticationModule	Define the type of authentication	VGUser WindowsByCredential Passwordless
Username	This variable is used for the account type: Visual-Guard, Windows by credentials, etc..
Password	This variable is used when the account has password
AuthenticationRequestId	RequestId of the selected mfa available method (Guid). Once you authenticate with first factor authentication, available options will be shown in the response
MFAAvailableId	Id of the selected mfa available method (Guid). Once you authenticate with first factor authentication, available options will be shown in the response
MFASecureCode	MFA Secure Code (OTP), that you might have received for multi factor authentication

Please find below the example responses for authentication procedure.

Success response

acccess_token is your secure token
expires_in is duration of the token
token_type is always Bearer Token
scope define what this token have access
VGReponse is the response of VGSecurityRuntime
- AuthenticationState is the status of the authentication
- AuthorizationState is the state of your current request
- Error is set if VGSecurityRuntime get an error
- VGToken is your internal security token

{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjIxODRFQzQ1MDMzMEM1QURFOTRDQjNBOUY5QjE1NkQwQkE5REE1NTBSUzI1NiIsInR5cCI6ImF0K2p3dCIsIng1dCI6IklZVHNSUU13eGEzcFRMT3AtYkZXMExxZHBWQSJ9.eyJuYmYiOjE3MDc4MTE1MzIsImV4cCI6MTcwNzgxMzMzMiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiY2xpZW50X2lkIjoiMThkZThjZTctODBlNy00YzY2LWE2NzItNGZmYTNlYjU2ZDU0X05hdGl2ZSIsInN1YiI6Imt1bmFsIiwiYXV0aF90aW1lIjoxNzA3ODExNTMyLCJpZHAiOiJWaXN1YWxHdWFyZCIsInZnSWRlbnRpdHlQcm92aWRlck5hbWUiOiJWaXN1YWxHdWFyZCIsInZnVG9rZW4iOiIxM0E5Qjc2REM0NDQ5QUFGQzI3MkU1RDUxMEY5ODkwQTAwRkYzMjk0NzVFMkZERTlBNzlEQUM4MkFGNDZGRTY2ODE5QTQyQURBMjRGRDJEQjhDREU0OTdDRDFBNzYyQTlEQTc3NjNGNTM3RTAwREYzMTJBQjBCMUJBQzA2MTVFMyIsInZnVXNlcklkIjoia3VuYWwiLCJqdGkiOiIwNjAzMTY3RDRGQkZBN0YwQTVCOTlBNzg2Q0MwMkVCMSIsImlhdCI6MTcwNzgxMTUzMiwic2NvcGUiOlsiSWRlbnRpdHlTZXJ2ZXJBcGkiLCJvcGVuaWQiLCJwcm9maWxlIiwiVkdBY3Rpdml0eURhdGUiLCJWR0FwcGxpY2F0aW9ucyIsIlZHRGV2ZWxvcGVyIiwiVkdJc0FwcHJvdmVkIiwiVkdJc0xvY2tlZCIsIlZHUGVybWlzc2lvbnMiLCJWR1Byb2ZpbGUiLCJWR1JvbGVzIiwiVkdUb2tlbiIsIm9mZmxpbmVfYWNjZXNzIl0sImFtciI6WyJWaXN1YWxHdWFyZCJdfQ.lRVgFqyK45UATrgtVWekAPk_c0HsMzfxIhOxJ3xa8Y-48LHo3VkZmjdNhPuTjHMiI9dXM5wKn6KuP_uf4ZLgpG8f-bSAd9pQZ7VVTP1wwRzeh_dbmz8j7tXyZSCZQkWd--b44ao_CwFyxoChc-rnuIC-cMQUuzS99ugjeGwi8S64RfjUmHfmp80ajuvjj7DlekUIlFSYdJ9pYjYdjfYOTo11eiNTPZJ-YxLMwFu6zLTIrXiN4XY3K5BIM6gMxMmH8nbXcrwnxdQ8RPSRF8jg4nyYjt_x15mCuAtVb8sMkomAYXX6UG430OKZgjC-o2rwfiICVg30s1qdNd10JJgauA",
    "expires_in": 1800,
    "token_type": "Bearer",
    "refresh_token": "61C074C8435CDE9F83A30E9A5FE937CFB72D57302B43C7B9955D17FA1D59D0CD",
    "scope": "IdentityServerApi offline_access openid profile VGActivityDate VGApplications VGDeveloper VGIsApproved VGIsLocked VGPermissions VGProfile VGRoles VGToken",
    "VGResponse": {
        "RequestId": "b8082385-27fe-46cb-bea4-0878b6b220c3",
        "AuthenticationState": {
            "Status": 2048,
            "IsFailed": false,
            "IsNotApproved": false,
            "IsCanceled": false,
            "IsCredentialInvalid": false,
            "IsUserNotAuthorized": false,
            "IsUserAccountExpired": false,
            "IsUserAccountNotYetAvailable": false,
            "IsUserAccountDisabled": false,
            "IsUserAccountLocked": false,
            "IsLastBadLogin": false,
            "IsLastGraceLogon": false,
            "IsPasswordExpired": false,
            "IsPasswordSecure": true,
            "IsUserAccountLockedOut": false,
            "IsUserAccountWillBeLockedOut": false,
            "MustChangePasswordAtNextLogon": false,
            "IsMFAWaitingUserAction": false,
            "IsMFAAuthenticationRequired": false,
            "IsMFATimeOut": false,
            "HasUserAccountMissingEmail": false,
            "HasUserAccountMissingMobilePhone": false,
            "IsMFAEnrollmentRequired": false
        },
        "AuthorizationState": {
            "Status": 16,
            "IsFailed": false,
            "IsCanceled": false,
            "IsUserNotFound": false,
            "IsUserNotAuthorized": false,
            "IsVersionNotCompatible": false
        },
        "AuthenticationResponse": {
            "RequestId": "b8082385-27fe-46cb-bea4-0878b6b220c3",
            "Identity": {
                "Name": "test",
                "AuthenticationType": "VGUSER",
                "IsAuthenticated": true
            },
            "MFAAvailables": [],
            "Status": 2048,
            "IsFailed": false,
            "IsNotApproved": false,
            "IsCanceled": false,
            "IsCredentialInvalid": false,
            "IsUserNotAuthorized": false,
            "IsUserAccountExpired": false,
            "IsUserAccountNotYetAvailable": false,
            "IsUserAccountDisabled": false,
            "IsUserAccountLocked": false,
            "IsLastBadLogin": false,
            "IsLastGraceLogon": false,
            "IsPasswordExpired": false,
            "IsPasswordSecure": true,
            "IsUserAccountLockedOut": false,
            "IsUserAccountWillBeLockedOut": false,
            "MustChangePasswordAtNextLogon": false,
            "IsMFAWaitingUserAction": false,
            "IsMFAAuthenticationRequired": false,
            "IsMFATimeOut": false,
            "HasUserAccountMissingEmail": false,
            "HasUserAccountMissingMobilePhone": false,
            "IsMFAEnrollmentRequired": false
        },
        "Error": {
            "Message": "",
            "StackTrace": ""
        },
        "AuthorizationStatus": "Success",
        "AuthenticationStatus": "Success",
        "VGToken": "13A9B76DC4449AAFC272E5D510F9890A00FF329475E2FDE9A79DAC82AF46FE66819A42ADA24FD2DB8CDE497CD1A762A9DA7763F537E00DF312AB0B1BAC0615E3"
    }
}

2. Response when MFA Authentication is required:

You can get MFAAvailableId and AuthenticationRequestId from response, and create second request using these parameters.

Note: you can check ‘MultifactorAuthentication’ section in postman documentation.

{
    "error": "invalid_request",
    "error_description": "Failure, MFA_AuthenticationRequired",
    "VGAuthenticationStatus": "Failure, MFA_AuthenticationRequired",
    "AuthenticationMethod": "None",
    "VGResponse": {
        "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
        "AuthenticationState": {
            "Status": 134217729,
            "IsFailed": true,
            "IsNotApproved": false,
            "IsCanceled": false,
            "IsCredentialInvalid": false,
            "IsUserNotAuthorized": false,
            "IsUserAccountExpired": false,
            "IsUserAccountNotYetAvailable": false,
            "IsUserAccountDisabled": false,
            "IsUserAccountLocked": false,
            "IsLastBadLogin": false,
            "IsLastGraceLogon": false,
            "IsPasswordExpired": false,
            "IsPasswordSecure": true,
            "IsUserAccountLockedOut": false,
            "IsUserAccountWillBeLockedOut": false,
            "MustChangePasswordAtNextLogon": false,
            "IsMFAWaitingUserAction": false,
            "IsMFAAuthenticationRequired": true,
            "IsMFATimeOut": false,
            "HasUserAccountMissingEmail": false,
            "HasUserAccountMissingMobilePhone": false,
            "IsMFAEnrollmentRequired": false
        },
        "AuthorizationState": {
            "Status": 1,
            "IsFailed": true,
            "IsCanceled": false,
            "IsUserNotFound": false,
            "IsUserNotAuthorized": false,
            "IsVersionNotCompatible": false
        },
        "AuthenticationResponse": {
            "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
            "Identity": {
                "Name": "test",
                "AuthenticationType": "VGUSER",
                "IsAuthenticated": true
            },
            "MFAAvailables": [
                {
                    "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
                    "TransportMode": 2,
                    "AuthenticationMode": 1,
                    "DestinationDisplay": "m****************s@g****.com",
                    "AuthenticationModeDisplay": "Link",
                    "TransportModeDisplay": "Email",
                    "Id": "674a1ed0-e987-4cd6-a0d2-01aa12a83231"
                },
                {
                    "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
                    "TransportMode": 2,
                    "AuthenticationMode": 2,
                    "DestinationDisplay": "m****************s@g****.com",
                    "AuthenticationModeDisplay": "OTP",
                    "TransportModeDisplay": "Email",
                    "Id": "ff2b9756-bfef-4209-86d3-1c5ca0e0aa23"
                },
                {
                    "RequestId": "6984a56e-1674-4f90-9cfd-4573c049d250",
                    "TransportMode": 1,
                    "AuthenticationMode": 2,
                    "DestinationDisplay": "+91*****34003",
                    "AuthenticationModeDisplay": "OTP",
                    "TransportModeDisplay": "SMS",
                    "Id": "881193d7-a65a-4d64-bea6-99fc8db64fbe"
                }
            ],
            "Status": 134217729,
            "IsFailed": true,
            "IsNotApproved": false,
            "IsCanceled": false,
            "IsCredentialInvalid": false,
            "IsUserNotAuthorized": false,
            "IsUserAccountExpired": false,
            "IsUserAccountNotYetAvailable": false,
            "IsUserAccountDisabled": false,
            "IsUserAccountLocked": false,
            "IsLastBadLogin": false,
            "IsLastGraceLogon": false,
            "IsPasswordExpired": false,
            "IsPasswordSecure": true,
            "IsUserAccountLockedOut": false,
            "IsUserAccountWillBeLockedOut": false,
            "MustChangePasswordAtNextLogon": false,
            "IsMFAWaitingUserAction": false,
            "IsMFAAuthenticationRequired": true,
            "IsMFATimeOut": false,
            "HasUserAccountMissingEmail": false,
            "HasUserAccountMissingMobilePhone": false,
            "IsMFAEnrollmentRequired": false
        },
        "Error": {
            "Message": "",
            "StackTrace": ""
        },
        "AuthorizationStatus": "Failure",
        "AuthenticationStatus": "Failure, MFA_AuthenticationRequired",
        "VGToken": ""
    }
}

Articles

How to authenticate a Visual Guard User?