Alison Server - Authentication
OAuth Clients
Each OAuthClient has the following attributes:

ClientId
    An identifier of the client.

ClientSecret
    A secret that is used to authenticate to the authorization server.

Authorized Grant Types
    The OAuth2 grant type that the client can use.
    Currently, only "client_credentials" is supported.

Access Token Validity
    Defines the validity time (in seconds) of the generated token. Only values greater than 0 are accepted.
An example of this definition is below:

    {
        "clientId": "homo-application",
        "clientSecret": "homo-application_password",
        "authorizedGrantTypes": "client_credentials",
        "accessTokenValidity": 3600
    }
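The attribute rules above can be enforced before a client definition is stored. The validator below is an added example (not Alison-Server code): it applies the page's rules (non-empty identifier and secret, only the "client_credentials" grant type, a validity strictly greater than 0) and adds two hardening checks of its own, flagged in the comments, that the page does not require: the secret must not embed the clientId and must have a minimum length. The minimum length of 32 characters is an assumed policy value.

```python
import json

# The page lists "client_credentials" as the only supported grant type.
SUPPORTED_GRANT_TYPES = {"client_credentials"}
MIN_SECRET_LENGTH = 32  # assumed hardening policy, not a rule from the page


def validate_oauth_client(definition: dict) -> list:
    """Return a list of problems with an OAuthClient definition (empty if valid)."""
    errors = []

    client_id = definition.get("clientId")
    if not isinstance(client_id, str) or not client_id.strip():
        errors.append("clientId must be a non-empty string")

    secret = definition.get("clientSecret")
    if not isinstance(secret, str) or not secret:
        errors.append("clientSecret must be a non-empty string")
    else:
        # Added hardening checks (not required by the page): a secret derived
        # from the clientId, as in the page's own example, is guessable, and a
        # short secret is brute-forceable.
        if isinstance(client_id, str) and client_id and client_id in secret:
            errors.append("clientSecret must not contain the clientId")
        if len(secret) < MIN_SECRET_LENGTH:
            errors.append(f"clientSecret must be at least {MIN_SECRET_LENGTH} characters")

    grant = definition.get("authorizedGrantTypes")
    if grant not in SUPPORTED_GRANT_TYPES:
        errors.append(f"authorizedGrantTypes must be one of {sorted(SUPPORTED_GRANT_TYPES)}")

    validity = definition.get("accessTokenValidity")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(validity, bool) or not isinstance(validity, int) or validity <= 0:
        errors.append("accessTokenValidity must be an integer greater than 0")

    return errors


def validate_oauth_client_json(text: str) -> list:
    """Parse a JSON definition (as in the page's example) and validate it."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(data, dict):
        return ["definition must be a JSON object"]
    return validate_oauth_client(data)


if __name__ == "__main__":
    # The page's own example: structurally valid, but it fails the added
    # secret-strength checks because the secret embeds the clientId.
    page_example = """{
        "clientId": "homo-application",
        "clientSecret": "homo-application_password",
        "authorizedGrantTypes": "client_credentials",
        "accessTokenValidity": 3600
    }"""
    for problem in validate_oauth_client_json(page_example):
        print("-", problem)
```

Run as a script it prints the two secret-strength findings for the page's example; a definition with a random 32+ character secret and a positive validity yields an empty list.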
Authorization
Alison-Server protects its resources with OAuth2 mechanisms. In order to access any resource, it is necessary to send an authorization token, which is provided by an authorization server.
To obtain a token, the following information must be sent:

ClientId
    The ClientId that was used when creating the OAuthClient.

ClientSecret
    The secret that was sent when creating the OAuthClient.

Grant Type
    The OAuth2 grant type that will be used for authorization. Currently, only "client_credentials" is supported.

Scope
    A string containing information about the seat and tenant that will be used in the following requests. Both seat and tenant are required.
    The scope's format is:

        seat:$value tenant:$value
All the information must be sent as form-data.

Example:

    client_id      acme
    client_secret  acme_password
    grant_type     client_credentials
    scope          seat:jdoe@acme
Tokens can be checked through the "check_token" service. This is useful to check whether a token has expired before making a request to a service.
Tokens can also be revoked through the "revoke" service. Once a token is revoked, it cannot be used again.
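The request fields, the scope format and the check_token/revoke behaviour described in this section can be exercised end to end without a running server. The code below is an added example, not Alison-Server code: it builds the form-data fields from the page, parses the scope string and rejects one that lacks seat or tenant, and simulates the authorization server's bookkeeping in memory so that expiry (driven by accessTokenValidity) and revocation can be observed. The in-memory TokenStore, its method names and the shape of the check_token result ({"active": ...}) are assumptions; the service paths are not part of this example.

```python
import secrets
import time

GRANT_TYPE = "client_credentials"  # the only grant type the page says is supported
REQUIRED_SCOPE_KEYS = {"seat", "tenant"}  # the page says both are required


def parse_scope(scope: str) -> dict:
    """Parse 'seat:$value tenant:$value' into a dict; both keys are required."""
    parsed = {}
    for part in scope.split():
        key, sep, value = part.partition(":")
        if not sep or not value:
            raise ValueError(f"malformed scope entry: {part!r}")
        if key not in REQUIRED_SCOPE_KEYS:
            raise ValueError(f"unknown scope key: {key!r}")
        if key in parsed:
            raise ValueError(f"duplicate scope key: {key!r}")
        parsed[key] = value
    missing = REQUIRED_SCOPE_KEYS - parsed.keys()
    if missing:
        raise ValueError("scope is missing required keys: " + ", ".join(sorted(missing)))
    return parsed


def build_token_request(client_id: str, client_secret: str, scope: str) -> dict:
    """Form-data fields for the token request, using the page's field names."""
    parse_scope(scope)  # fail on the client side before sending a bad scope
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": GRANT_TYPE,
        "scope": scope,
    }


class TokenStore:
    """Assumed stand-in for the authorization server's token bookkeeping.

    clients maps clientId -> OAuthClient definition (as in the page's JSON).
    clock is injectable so expiry can be tested without sleeping.
    """

    def __init__(self, clients: dict, clock=time.time):
        self._clients = clients
        self._tokens = {}  # token -> (expires_at, parsed scope)
        self._clock = clock

    def token(self, form: dict) -> str:
        """Issue a token for a valid client_credentials request."""
        client = self._clients.get(form.get("client_id"))
        presented = form.get("client_secret", "")
        # Constant-time comparison; also covers the unknown-client case.
        expected = client["clientSecret"] if client else ""
        if not client or not secrets.compare_digest(expected, presented):
            raise PermissionError("invalid client credentials")
        if form.get("grant_type") != client["authorizedGrantTypes"]:
            raise PermissionError("grant type not authorized for this client")
        scope = parse_scope(form.get("scope", ""))
        tok = secrets.token_urlsafe(32)
        self._tokens[tok] = (self._clock() + client["accessTokenValidity"], scope)
        return tok

    def check_token(self, tok: str) -> dict:
        """check_token: report whether the token is still usable."""
        entry = self._tokens.get(tok)
        if entry is None:
            return {"active": False}
        expires_at, scope = entry
        if self._clock() >= expires_at:
            return {"active": False}
        return {"active": True, "exp": expires_at, **scope}

    def revoke(self, tok: str) -> None:
        """revoke: a revoked token can never be used again."""
        self._tokens.pop(tok, None)
```

A client would POST the dict returned by build_token_request as form-data to the token service; the TokenStore only models what the server does with it.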