A HTTP request needs to be sent to the identity provider to obtain an access token that will subsequently be used to authorize the user to access the GBG identity solution.
There are several ways to obtain the token; they are:
- Delegated Authentication: Single Sign-on (SSO)
- Delegated Authentication: Machine-to-Machine (M2M) with Pre-shared Client Secret
- Delegated Authentication: Machine-to-Machine (M2M) with Certificate
- Pre-generated Token (similar to M2M with Pre-shared Client Secret, but simpler to set up)
The SDK can work with any method provided the access token is made available.
Any programming language and HTTP library can be used to send the secure HTTP request for any of the four options above. For Single Sign-On, see the test-harness\components\AzureSSOAuth folder for an example which uses Active Directory Authentication Library (ADAL). For Machine-to-Machine, the Fetch API could be used.