Skip to main content

Token for external services (Exchange IAM Token)

The KSMExchangeIamTokenEvent class is designed to facilitate the exchange of an Identity and Access Management (IAM) token for authentication purposes. It plays a crucial role in obtaining a token required for subsequent HTTP requests, including token refresh operations.

⚠️ Note:

  • The Event you have to send to our MCSDK is the ExchangeIamTokenEvent. The result event KSMExchangeIamTokenResultEvent will contain a token that can be used for authorization against your backend services.
  • We would like to advise you that the audience you use in the ExchangeIamTokenEvent should not be the client id that you use in the activation and login flows.

Exchange IAM Token flow diagram

The event flow diagram illustrates the sequence of events during the Exchange IAM Token in KOBIL secure products.

This getTokenWithCompletionHandler method is responsible for obtaining the IAM token asynchronously and executing the provided completion handler with the obtained token or nil if unsuccessful.

  • audience: Specifies the target audience for the IAM token exchange. In the provided code, the audience is set to the intended backend service.

  • forceUpdate: This optional parameter specifies whether it is okay to reuse an existing cached token (if it is still valid) or whether an updated token should be obtained. A typical use case is that you might just have changed the user's password, so you already know your current token has been invalidated on the server side and you can save a round trip by explicitly requesting a new access token instead of sending a request with the invalid access token you still have, getting an error as a result, requesting a new access token, and resending the request with the new access token. Default value is false.

func getTokenWithCompletionHandler(completion: @escaping (String?) -> Void) {
    let tokenEvent = KSMExchangeIamTokenEvent(audience: "your-backend-service", forceUpdate: false)
        MasterControllerAdapter.sharedInstance.sendEvent2MasterController(event: tokenEvent) {
            // See below for handling the KSMExchangeIamTokenResultEvent 
        }
}

KSMExchangeIamTokenResultEvent

The KSMExchangeIamTokenResultEvent class serves as the result event for the KSMExchangeIamTokenEvent, encapsulating details related to the IAM token exchange response.

  • token: Contains the IAM token obtained from the exchange process.

Swift/iOS

guard let resultEvent = resultEvent as? KSMExchangeIamTokenResultEvent else {
    completion(nil)
    return
}
completion(resultEvent.token)