6.2 Obtaining an extension token for Select Security Device

Before you can call the MyID Client Service API to open the Select Security Device dialog authenticated with the logged-on operator, you must obtain an extension token for this particular operation – this is a short-lived authorization code for a single use.

Note: This authenticated mode provides user images and full names on the smart card selection screen based on the scope and administration groups of the logged-on user. If you do not need to display this additional detail, you can call the SelectCard method of the MyID Client Service API without the Token parameter; in this case, you do not need to obtain an extension token.

To use authenticated mode, you must ensure that the MyID web.oauth2 server is configured to allow a scope of myid.devicepicker. Check the appsettings.json file (by default, in the C:\Program Files\Intercede\MyID\web.oauth2\ folder) for the following:

To obtain the extension token:

  1. Post the following information to the MyID token URL:

    https://<server>/web.oauth2/connect/token

  2. Capture the access token that is returned.

    You can now use this access token in the Token argument of the SelectCard method of the MyID Client Service API to launch the Select Security Device dialog authenticated with the logged-on operator.