AgentAuthorizationClient Class


Utility to generate OIDC/OAuth tokens for agent or agent applications

  • The application must register a client using the self service registration page.
  • The client type must be "Agent"
  • Use the Client Id/Client Secret/Scopes to create the agent configuration that's passed in.
  • Ensure the application can access the iTwin Project/Asset - in production environments, this is done by using the iTwin project portal to add add the email {Client Id} as an authorized user with the appropriate role that includes the required access permissions.




Name Description
constructor(agentConfiguration: AgentAuthorizationClientConfiguration): AgentAuthorizationClient    
getAccessToken(requestContext?: ClientRequestContext): Promise<AccessToken> Returns a promise that resolves to the AccessToken of the currently authorized client.  
getToken(requestContext: ClientRequestContext): Promise<AccessToken> Get the access token Deprecated
refreshToken(requestContext: ClientRequestContext, jwt: AccessToken): Promise<AccessToken> Refresh the access token - simply checks if the token is still valid before re-fetching a new access token Deprecated

Inherited methods

Name Inherited from Description
delete(requestContext: AuthorizedClientRequestContext, relativeUrlPath: string): Promise<void> Protected Client used by clients to send delete requests
discoverEndpoints(requestContext: ClientRequestContext): Promise<Issuer> BackendAuthorizationClient Discover the endpoints of the service
getClient(requestContext: ClientRequestContext): Promise<OpenIdClient> Protected BackendAuthorizationClient  
getUrl(requestContext: ClientRequestContext): Promise<string> Client Gets the URL of the service.
getUrlSearchKey(): string Protected ImsAuthorizationClient Gets name/key to query the service URLs from the URL Discovery Service ("Buddi")
setupOptionDefaults(options: RequestOptions): Promise<void> Protected Client Augments request options with defaults returned by the DefaultRequestOptionsProvider.


Name Type Description
hasExpired Accessor ReadOnly boolean Set to true if the user has signed in, but the token has expired and requires a refresh  
hasSignedIn Accessor ReadOnly boolean Set to true if signed in - the accessToken may be active or may have expired and require a refresh  
isAuthorized Accessor ReadOnly boolean Set to true if there's a current authorized user or client (in the case of agent applications).  

Inherited properties

Name Type Inherited from Description
_configuration Protected BackendAuthorizationClientConfiguration BackendAuthorizationClient  
_url Protected undefined | string Client  
searchKey Static string ImsAuthorizationClient  

Defined in

Last Updated: 23 April, 2020