Authentication

Using OAuth 2.0 to access Location Hub

Location Hub uses Web Service authentication for authorization and access based on OAuth 2.0 protocol. All information transmitted to Location Hub services is encrypted using Secure Socket Layer (SSL) technology.

The Location Hub® Viewer API utilizes Basic Authentication for authorization and access of the services. Please refer to the Basic Authentication page for more details.

Basic Workflow

To summarize, the workflow is as follows:

  • Request an access token from the Authentication server using the client application’s credentials. Please contact your account executive to obtain your client credentials (client_id and client_secret).
  • Cache the authentication token for use in all requests until it expires.
  • Use the authentication token to make requests to Location Hub, until the authentication token expires. When the token has expired, the process should be repeated.

Requesting a Token

Tokens are retrieved using a simple HTTP POST request and then the token is appended to each service request in the “Authorization” HTTP header. The token request url is different for each Location Hub Service being accessed and requires the service name as part of the url. When requesting a token, the following url must be used:

Token Request url

https://dc1.spatialstream.com/ssapi/rest/v1/{service_name}/oauth2/token/

  • {service_name} – This is the specific Location Hub web service name that must be included in the token request url. Please contact your account executive to obtain your service name.

The POST request requires the following three parameters in the body of the request:

  • grant_type – This must be set to “client_credentials”
  • client_id – The unique Client ID provided by your account executive
  • client_secret – The unique Client Secret provided by your account executive

Sample HTTP POST Request

POST https://dc1.spatialstream.com/ssapi/rest/v1/recognition/oauth2/token/ HTTP/1.1
Accept-Encoding: gzip,deflate 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 119 
Host: dc1.spatialstream.com 
Connection: Keep-Alive 
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

grant_type=client_credentials&client_id=clientIdrealValue&client_secret=topsecret

 

Sample HTTP POST Response

{
    "token_type": "bearer",
    "access_token": "0BqfgTJC7wZ7C2KeekssswRu8E7x1GFGG",
    "expires_in": 28800 
}

 

 Sample Token Management Code (C#)

private string tokenRequestURL= "https://dc1.spatialstream.com/ssapi/rest/v1/{service_name}/oauth2/token/";
private string clientSecret = "Client_Secret";
private string clientID = "Client_ID";
 
// {service_name} is the specific Location Hub web service name that must be included in the token request URL
 
Dictionary<string, KeyValuePair<string, DateTime>> tokens = new Dictionary<string, KeyValuePair<string, DateTime>>();
 
public string GetToken(string serviceName)
{
    lock (tokens)
    {
        private string uriAddress = tokenRequestURL.Replace("{service_name}", serviceName); 
        KeyValuePair<string, DateTime> tokenPair;
 
        if (!tokens.TryGetValue(uriAddress, out tokenPair) || tokenPair.Value < DateTime.UtcNow)
        {
            var tokenResponse = GetOAuthToken(uriAddress);
            if (tokenResponse != null)
            {
                // the returned token must be preceded with "bearer "
                string authToken = string.Format("bearer {0}", tokenResponse.Value.Key);
 
                // request new token when we are at 20% from the expiration time
                DateTime tokenExpiry = DateTime.UtcNow.AddSeconds(tokenResponse.Value.Value * 4 / 5);
 
                tokenPair = new KeyValuePair<string, DateTime>(authToken, tokenExpiry);
                tokens[uriAddress] = tokenPair;
            }
        }
 
        return tokenPair.Key;
    }
}
 
private KeyValuePair<string, int>? GetOAuthToken(string tokenRequestAddress)
{
    WebClient authClient = new WebClient();
    authClient.BaseAddress = tokenRequestAddress;
    NameValueCollection values = new NameValueCollection();
 
    values.Add("grant_type", "client_credentials");
    values.Add("client_id", clientSecret);
    values.Add("client_secret", clientID);
 
    byte[] tokenResponseInBytes = authClient.UploadValues(tokenRequestAddress, values);
    string tokenResponse = Encoding.UTF8.GetString(tokenResponseInBytes);
    dynamic token = JsonConvert.DeserializeObject(tokenResponse);
    string access_token = token["access_token"];
    int expiry = token["expires_in"];
 
    return new KeyValuePair<string, int>(access_token, expiry);
}

 

Using the Token

Once you have received the token and cached it, you can use the cached token in all calls to Location Hub by including it as the HTTP Authorization header. Attaching the token as the Authentication header can be done using the example below:

string serviceName = "recognition";
var token = GetToken(serviceName);
 
if (token != null)
    WebOperationContext.Current.OutgoingRequest.Headers[HttpRequestHeader.Authorization]
        = token;

 

The HTTP POST request would look something like this:

POST https://lhrecognition.dmtispatial.com/services/recognition/v2.2 HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "RecognizeFreeForm"
Authorization: bearer ***********************************
Content-Length: 1809
Host: lhrecognition.dmtispatial.com
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

 

Token Expiry

When a token is issued, the expires_in value in the response is the number of seconds from the time of issue that the token will be valid for. The default token expiry time is 8 hours form time of issue.

The token expiry is defined in the following response parameter:

  • expires_in: The number of seconds from the time of issue that the token will expire

It is recommended that you request a new token before the expiry time.