# Access Token

## Overview

When using an OpenID Connect (OIDC) authentication method with WorkflowGen, an OAuth 2.0 access token is available for server-side .NET development. This token enables you to make requests to the GraphQL API as well as to your own APIs, depending on your provider's configuration.

For instructions on how to configure an OIDC provider with WorkflowGen, see the [WorkflowGen for Azure](https://docs.advantys.com/docs/azure) guide for Microsoft Entra ID (formerly Azure Active Directory) or the [WorkflowGen Technical Guide](https://docs.advantys.com/workflowgen-technical-reference-guide/) for [Active Directory Federation Services (AD FS)](https://docs.advantys.com/docs/tech/adfs-integration), [Auth0](https://docs.advantys.com/docs/tech/auth0-integration), and [Okta](https://docs.advantys.com/docs/tech/okta-integration).

## Using an access token in web form code-behind

You can get the current user's access token from the new `this.CurrentUserAccessToken()` public instance method of the `WorkflowPage` class (available since WorkflowGen.My version 4.6.0) in order to make calls from the code-behind to WorkflowGen's GraphQL API or to your own APIs. To do this, follow the example code below:

```csharp
protected void Page_Load(object sender, EventArgs e)
{
    base.Page_Load(sender, e);
    
    var accessToken = this.CurrentUserAccessToken();
    
    var query = @"
query {
  viewer {
    firstName
    lastName
    userName
  }
}
";

    using (var client = new System.Net.Http.HttpClient
    {
        BaseAddress = new System.Uri("http://localhost/wfgen/graphql")
    })
    {
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(
            new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json")
        );
        client.DefaultRequestHeaders.Authorization =
            new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);

        var jsonQuery = Newtonsoft.Json.JsonConvert.SerializeObject(new
        {
            query = query,
            operationName = "",
            variables = new {}
        });
        var response = client.PostAsync(string.Empty, new System.Net.Http.StringContent(jsonQuery, System.Text.Encoding.UTF8, "application/json")).Result;

        response.EnsureSuccessStatusCode();

        // Display the result in a web form field for debug purposes
        REQUEST_DESCRIPTION.Text = response.Content.ReadAsStringAsync().Result;
    }
}
```

There are settings that need to be added to the WebForms `web.config` file in order for this example to work. You must add the reference to the `System.Net.Http` namespace and deactivate unobtrusive validation mode. Here is a minimal `web.config` content that you can use:

```html
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <appSettings>
        <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
    </appSettings>
    <system.web>
        <compilation debug="false" targetFramework="4.6.1">
            <assemblies>
                <add assembly="System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
            </assemblies>
        </compilation>
        <httpRuntime targetFramework="4.6.1" />
    </system.web>
</configuration>
```