Overview

This service provides a SOAP alternative to the RESTful oauth2token service, and is used to acquire an OAuth 2 Token that can be used by an OAuth 2 Authenticated User of a Client App for access to Projector services. Note that this service should not be provided with a SessionTicket on invocation.

Request Format

Panel

title	PwsAcquireOauth2Token Request

PwsAcquireOauth2Token
- serviceRequest: PwsAcquireOauth2TokenRq
  - RequestId: Int32
  - SessionTicket: String
  - ClientIdentifier: String
  - ClientSecret: String
  - Code: String
  - CodeVerifier: String
  - GrantType: String
  - RedirectUri: String
  - RefreshToken: String

...

Element	Data Type	Required?	Default	Description	Sample Data
RequestId	Int32	No		Click here for more information
SessionTicket	String	Yes	Click here for more informationNo		Should be omitted or set to null.
ClientIdentifier	String	Yes		Guid string that identifies the client app requesting a token	24748faf-e239-d132-167a-6e4d3e1bd0fb
ClientSecret	String	Yes		Secret string that client app uses to prove itself	r6tuVhR3ol1BFFVfy3Oe-J8VoH0KpkgLVqAMi-IIgvd_Lr613IEYcXhKAea8eLtQKSIgQ4jHIKhCKQcwriUtgB
Code	String	When GrantType="code"		The short-lived authentication code that was provided on the successful redirect of the `oauth2authorize` request. Must be supplied if GrantType="code" and may not be supplied for any other GrantType.	E2BgYJjLoNrEY50z-8hLMXevukfd3EWpZcn5RQW6xemGeYelfl_aetMDAA
CodeVerifier	String	No		Code Verifier generated by the client app and for which a code challenge was previously sent as part of the `oauth2authorize` request that was implementing PKCE. May only be supplied if GrantType="code", and must be supplied if a code challenge was part of the authorization request that generated the code.	swubMxS7yR-SYjlEwuu5gaS8~bvgL-ngbpZiYFLR_4Vf~u388c.qimhmm6kVc3h3h~TSmhDj02AIPeGcI_Y
GrantType	String	Yes		Currently must be either "code" for an initial grant, or "refresh_token" for a token refresh.
RedirectUri	String	When GrantType="code"		Must be identical to the `redirect_uri` that was supplied as part of the `oauth2authorize` request.	https://my.app.com/redirect-handler
RefreshToken	String	When GrantType="refresh_token"		A valid refresh token that designates a client app connection needing a refresh	E2BgYJjLoNrEY50z-7gMN1evukfd3EWpZcn5RQW6xemGeYelfl_aetMDAA

Request Usage Example(s)

Code Block

language	xml
title	Request for OAuth 2 Token on initial authentication grant by code
linenumbers	true
collapse	true

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:pws="http://projectorpsa.com/PwsProjectorServices/" xmlns:req="http://projectorpsa.com/DataContracts/Requests/">
   <soapenv:Header/>
   <soapenv:Body>
      <pws:PwsAcquireOauth2Token>
         <pws:serviceRequest>
            <req:ClientIdentifier>24748faf-e239-d132-167a-6e4d3e1bd0fb</req:ClientIdentifier>
            <req:ClientSecret>r6tuVhR3ol1BFFVfy3Oe-J8VoH0KpkgLVqAMi-IIgvd_Lr613IEYcXhKAea8eLtQKSIgQ4jHIKhCKQcwriUtgB</req:ClientSecret>
            <req:Code>E2BgYJjLoNrEY50z-8hLMXevukfd3EWpZcn5RQW6xemGeYelfl_aetMDAA</req:Code>
            <req:CodeVerifier>swubMxS7yR-SYjlEwuu5gaS8~bvgL-ngbpZiYFLR_4Vf~u388c.qimhmm6kVc3h3h~TSmhDj02AIPeGcI_Y</req:CodeVerifier>
            <req:GrantType>code</req:GrantType>
            <req:RedirectUri>https://my.app.com/redirect-handler</req:RedirectUri>
         </pws:serviceRequest>
      </pws:PwsAcquireOauth2Token>
   </soapenv:Body>
</soapenv:Envelope>

Code Block

language	xml
title	Request for OAuth2 Token Refresh
linenumbers	true
collapse	true

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:pws="http://projectorpsa.com/PwsProjectorServices/" xmlns:req="http://projectorpsa.com/DataContracts/Requests/">
   <soapenv:Header/>
   <soapenv:Body>
      <pws:PwsAcquireOauth2Token>
         <pws:serviceRequest>
            <req:ClientIdentifier>24748faf-e239-d132-167a-6e4d3e1bd0fb</req:ClientIdentifier>
            <req:ClientSecret>r6tuVhR3ol1BFFVfy3Oe-J8VoH0KpkgLVqAMi-IIgvd_Lr613IEYcXhKAea8eLtQKSIgQ4jHIKhCKQcwriUtgB</req:ClientSecret> 
            <req:GrantType>refresh_token</req:GrantType>
            <req:RefreshToken>E2BgYJjLoNrEY50z-7gMN1evukfd3EWpZcn5RQW6xemGeYelfl_aetMDAA</req:RefreshToken>
         </pws:serviceRequest>
      </pws:PwsAcquireOauth2Token>
   </soapenv:Body>
</soapenv:Envelope>

Response Format

Panel

title	PwsAcquireOauth2Token Response

PwsAcquireOauth2TokenResponse
- PwsAcquireOauth2TokenResult: PwsAcquireOauth2TokenRs
  - Messages: PwsMessage[]
  - ResponseId: Int32
  - Status: RequestStatus
  - ServerTimestampUtc: DateTime
  - AccessToken: String
  - ExpiresInSeconds: Int32
  - MaxLifetimeMinutes: Int32
  - RedirectUrl: String
  - RefreshToken: String
  - RestServiceAuthority: String
  - SoapServiceAuthority: String
  - TimeoutMinutes: Int32
  - TokenType: String

...

Element	Data Type	Description	Sample Data
Messages	PwsMessage[]	The web service response status and message. Click here for more information.
ResponseId	Int32	Click here for more information
Status	RequestStatus	Click here for more information
ServerTimestampUtc	DateTime	Click here for more information
AccessToken	String	Token used for subsequent API access to Projector. In practical terms, this is a SessionTicket.	Af4yzv6CcFKZEh2dz45zZg==
ExpiresInSeconds	Int32	How many seconds the `AccessToken` is valid for.	604800
MaxLifetimeMinutes	Int32	The maximum lifetime of the `AccessToken` in minutes.	10080
RedirectUrl	String	If this is set, this `PwsAcquireOauth2Token` service invocation was made against the incorrect server for the user being authenticated. If that is the case, the service should be re-invoked against this base URL.	https://secure2.projectorpsa.com
RefreshToken	String	The token that can be used to refresh the client app user's access when the Access Token is expired.	E2BgYJjLoNrEY50z-7gMN1evukfd3EWpZcn5RQW6xemGeYelfl_aetMDAA
RestServiceAuthority	String	The URL that must be used for any restful reporting services invoked with the `AccessToken` .	https://app2.projectorpsa.com
SoapServiceAuthority	String	The base URL that must be used for any SOAP services invoked with the `AccessToken` .	https://secure2.projectorpsa.com
TimeoutMinutes	Int32	How long the `AccessToken` may be valid with no use in minutes.	10080
TokenType	String	`projector_session_ticket`	projector_session_ticket

PwsAcquireOauth2Token - Common Errors and Warnings

...

ErrorNumber	ErrorCode	ErrorText
50629	OauthUnsupportedGrantType	Unsupported OAuth2 Grant Type "{GrantType}".
50630	OauthInvalidClient	Invalid Oauth2 Client.
50631	OauthInvalidGrant	Invalid Grant for Oauth2 Token: "{InvalidReason}".
50632	OauthInvalidRequest	Invalid OAuth2 Request in Context "{Context}". Null or missing parameters "{Missing}". Improper parameters "{Improper}".
50635	OauthUnsupportedTokenType	Unsupported OAuth2 Token Type "{TokenType}".

Versions Compared

Old Version 4

New Version 5

Key

Overview

Request Format

Request Usage Example(s)

Response Format

PwsAcquireOauth2Token - Common Errors and Warnings

Page Comparison

Versions Compared

Old Version 4

New Version 5

Key

<span class="diff-html-added" data-a11y-before="Start of added content" data-a11y-after="End of added content" id="added-diff-0">[data-colorid=jo606xul2l]{color:#333333} html[data-color-mode=dark] [data-colorid=jo606xul2l]{color:#cccccc}</span>Overview

Request Format

Request Usage Example(s)

Response Format

PwsAcquireOauth2Token - Common Errors and Warnings

Overview