Issue Impersonated Tokens
Whenever frontend services need to communicate with Space Blocks APIs directly, they need to acquire an Impersonated Access Token from your backend. For this, you need to implement an endpoint at your backend that requests an Impersonated Access Token for your users from the Space Blocks Token Manager.
Here are some examples of how to implement this endpoint.
- C#
A Controller in an ASP.NET WebAPI project could look like this:
```csharp
using System.Net.Http;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json;

public class SpaceBlocksTokenController : ControllerBase
{
    [Authorize]
    [HttpGet("/token")]
    public async Task<ActionResult> GetImpersonatedAccessTokenAsync()
    {
        // Get Subject ID of the caller from the authentication layer
        var subjectId = User.FindFirstValue("sub");
        var tenantId = "<THE_TENANT_ID_THE_USER_BELONGS_TO>";

        // Request an Impersonated Space Blocks Access Token for this subject
        var client = new HttpClient();
        client.DefaultRequestHeaders.Add("apiKey", "<YOUR_API_KEY>");
        var body = new
        {
            client_id = "abc",
            client_secret = "xyz",
            scope = "foo:bar",
            app_tenant_id = tenantId,
            app_subject_id = subjectId
        };
        var request = new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json");
        var response = await client.PostAsync("https://auth.spaceblocks.cloud/token-manager/token", request);

        // Do not return a failed Token Manager response to the frontend as 200 OK
        if (!response.IsSuccessStatusCode) return StatusCode((int)response.StatusCode);

        var responseContent = await response.Content.ReadAsStringAsync();
        return Ok(responseContent);
    }
}
```
caution
Please note that this code is for demonstration purposes only. In a real-world scenario, the HttpClient should be initialized centrally, and the client_id and client_secret should be stored in a secure way.
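One way to follow the caution above, as an added example that is not Space Blocks' own code: the HttpClient is registered once through IHttpClientFactory, and the API key, client_id and client_secret are read from configuration (user secrets, environment variables or a vault provider) instead of source code. It assumes .NET 8 with implicit usings; the configuration keys under SpaceBlocks:, the client name "spaceblocks" and the "tenant_id" claim are assumptions.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

public static class SpaceBlocksRegistration
{
    // Program.cs: builder.Services.AddSpaceBlocksTokenClient(builder.Configuration);
    public static IServiceCollection AddSpaceBlocksTokenClient(
        this IServiceCollection services, IConfiguration config)
    {
        // One named client managed by IHttpClientFactory instead of new HttpClient() per request.
        services.AddHttpClient("spaceblocks", c =>
        {
            c.BaseAddress = new Uri("https://auth.spaceblocks.cloud/");
            // Fail closed when the key is missing (assumed configuration key).
            c.DefaultRequestHeaders.Add("apiKey", config["SpaceBlocks:ApiKey"]
                ?? throw new InvalidOperationException("SpaceBlocks:ApiKey is not configured"));
        });
        return services;
    }
}

[ApiController]
public class SpaceBlocksTokenController(IHttpClientFactory clients, IConfiguration config)
    : ControllerBase
{
    [Authorize]
    [HttpGet("/token")]
    public async Task<IActionResult> GetImpersonatedAccessTokenAsync()
    {
        // Subject and tenant come only from the validated principal, never from request input.
        var subjectId = User.FindFirstValue("sub");
        var tenantId = User.FindFirstValue("tenant_id"); // assumed claim name
        if (subjectId is null || tenantId is null) return Forbid();

        var response = await clients.CreateClient("spaceblocks").PostAsJsonAsync(
            "token-manager/token", new
            {
                client_id = config["SpaceBlocks:ClientId"],         // assumed key
                client_secret = config["SpaceBlocks:ClientSecret"], // assumed key, kept in a secret store
                scope = "foo:bar",
                app_tenant_id = tenantId,
                app_subject_id = subjectId
            });
        // Do not relay upstream error bodies to the browser.
        if (!response.IsSuccessStatusCode) return StatusCode(StatusCodes.Status502BadGateway);
        return Content(await response.Content.ReadAsStringAsync(), "application/json");
    }
}
```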