Token Authentication
The HxGN Content Program’s streaming service can be integrated into web applications using the OAuth 2.0 client credentials grant. Using OAuth client credentials (Client ID and Client Secret) to authenticate has the following advantages:
The token returned can be used in web applications without the need to have individually named users on the HxGN Content Program’s streaming platform.
Eliminates the need to expose the username and password on a website, which is a security risk even for internal-only applications.
Eliminates the need to setup a proxy server on-site that does the secure request on the customer behalf.
Set up a simple token-based workflow using the following steps:
End client logs in to your web application.
The back-end server requests a token from HxGN Content Program:
Add the URL:
https://services.hxgncontent.com/streaming/oauth/token?grant_type=client_credentials&client_id=<clientid>&client_secret=<clientsecret>Client ID and Client Secret can be found in the Client Account Administration Tool.
Administer User > Select User
Return "access_token" to the client side application running on the browser.
Client side GUI application adds the access token to all WMS/WMTS requests. For example:
https://services.hxgncontent.com/streaming/wms?access_token=<token>&Service=WMS&Request=GetCapabilitieshttps://services.hxgncontent.com/streaming/wmts?/1.0.0/HxGN_Imagery/default/WebMercator/2/1/0.jpg&access_token=<token>
The access token will expire after the configured "
expires_in" value, which lasts 12 hours by default.If a token is granted but another token request is made before it expires, then one of two instances will occur:
The token's expiration date will not change if the current “
expires_in" value is more than half of the configured "expires_in" value.The token will renew for another "
expires_in" value if the current “expires_in" value is less than half of the configured "expires_in" value.
A new token is granted in all other instances.