Skip to content

A sample low-level pattern to integrate with Mindbody Identity Service.

Notifications You must be signed in to change notification settings

mindbody/PartnerOAuthWebApp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Getting Started

PartnerOAuthWebApp

This is a low-level pattern partners may choose to integrate, but Mindbody Identity is fully OpenID Connect compatible and libraries or packages specific to your language which contain this functionality should be preferred.

You'll need to follow these processes in the order given.

OAuth

OAuth is another way to authorize endpoints by obtaining access token. The OAuth 2.0 authorization is a framework that allows user to grant a third party website or application access to the user's protected resources, without necessarily revealing their credentials or even identity.

In OAuth, the client request access to resources controlled by the resource owner and hosted by the resource server and is issued a different set of credentials than those of the resource owner. Instead of using the resource owner's credentials to access protected resources, the partner obtains an access token i.e. a string denoting a specific scope, lifetime and other attributes.

Access tokens are issued to the third party clients by an authorization server with the approval of the resource owner, then the client uses the access token to access the protected resources. Access tokens are in Json Web Token (JWT) format. The permissions represented by the access token in OAuth terms are known as scopes.

For OAuth client creation, please Contact API Support. OAuth 2.0 uses below two endpoints to get bearer access token to call Public API.

Go to Account.

Go to API Credentials and click on Create new OAuth Client and select Web.

Click on CREATE CLIENT and copy the secret.

Click on Manage. You will be able to see Configurations and Oauth Credentials.

Once Oauth Client is created you can use the endpoint for Authorization.

Authorize

https://signin.mindbodyonline.com/connect/authorize"

This endpoint initiates a sign in workflow. An OAuth Client will need to be provisioned for your account in order to use this endpoint.

** Parameters**

Name Type Description
response_mode string Use the value form_post.
response_type string Determines the authorization processing flow to be used. Clients created as type web will be assigned the OpenID Connect hybrid flow and should use code id_token. Clients created as type native or SPA will use OpenID Connect code flow with PKCE and should use code.
client_id string Your OAuth Client ID.
redirect_uri string Redirection URI to which the response will be sent.
scope string Use the value email profile openid offline_access Mindbody.Api.Public.v6. Your OAuth Client would need to have been provisioned with this scope. offline_access scope is mandatory to pass if you want refresh token back in response.
nonce string Value used to associate a Client session with an ID Token.
subscriberId string The Subscriber ID.

get-authorize-response

After a consumer navigates to the authorize endpoint, they will be redirected to a sign in page to complete the workflow. This is where they will enter their username and password.

Status Code Description
200 Redirect to OAuth provider

var client = new RestClient("https://signin.mindbodyonline.com/connect/authorize?response_mode=form_post&client_id={yourClientId}&redirect_uri={yourRedirectUri}&scope=email profile openid offline_access Mindbody.Api.Public.v6.Dev&response_type=code id_token&nonce=nonce&subscriberId={subscriberId}");
client.Timeout = -1;
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Copy the url and paste in Browser.

Copy the Code from network tab in developer tool.

Token

https://signin.mindbodyonline.com/connect/token

This endpoint is used to request an access token in exchange for an authorization code or a refresh token. An OAuth Client will need to be provisioned for your account in order to use this endpoint.

** Form Data**

Name Type Description
grant_type string Specifies the workflow that the client application is using to authenticate and authorize a user against the token server. Possible values are authorization_code and refresh_token.
client_id string Your OAuth Client ID.
client_secret string Your OAuth Client Secret.
code string Required when grant_type is authorization_code
redirect_uri string Required when grant_type is authorization_code
refresh_token string Required when grant_type is refresh_token
scope string Use the value email profile openid offline_access Mindbody.Api.Public.v6. Your OAuth Client would need to have been provisioned with this scope. offline_access scope is mandatory to pass if you want refresh token back in response.
nonce
Optional
string Value used to associate a Client session with an ID Token.
subscriberId string The Subscriber ID.

Response

Example Response

{
    "id_token": "id_token",
    "access_token": "access_token",
    "refresh_token": "refresh_token",
    "token_type": "Bearer",
    "expires_in": 3600,
}
Name Type Description
id_token string The ID Token is a security token that contains Claims about the Authentication of an End-User by an authorization server.
access_token string A JSON Web Token, used for authorization, that contains information about the token provider, client application, target API resource, etc.
refresh_token string Present when the scope parameter includes offline_access. A token that can be used to obtain a new set of tokens from the token server.
token_type string Type of the token is set to "Bearer".
expires_in number The lifetime in seconds of the access token.

Hit the Get Token api and copy the access token

var client = new RestClient("https://signin.mindbodyonline.com/connect/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("accept", "application/json");
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("client_secret", "{yourClientSecret}");
request.AddParameter("client_id", "{yourClientId}");
request.AddParameter("scope", "email profile openid offline_access Mindbody.Api.Public.v6.Dev");
request.AddParameter("grant_type", "authorization_code");
request.AddParameter("redirect_uri", "{yourRedirectUri}");
request.AddParameter("subscriberId", "{subscriberId}");
request.AddParameter("code", "{authorizationCode}");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

This can be used to access the public api.

Refresh token can be generated as below:

var client = new RestClient("https://signin.mindbodyonline.com/connect/token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("accept", "application/json");
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("client_secret", "{yourClientSecret}");
request.AddParameter("client_id", "{yourClientId}");
request.AddParameter("scope", "email profile openid offline_access Mindbody.Api.Public.v6.Dev");
request.AddParameter("grant_type", "refresh_token");
request.AddParameter("redirect_uri", "{yourRedirectUri}");
request.AddParameter("subscriberId", "{subscriberId}");
request.AddParameter("refresh_token", "{{refreshTokenOAuth}}");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

About

A sample low-level pattern to integrate with Mindbody Identity Service.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published