

One of DreamFactory’s most popular features is its wide-ranging authentication support. While API key-based authentication suffices for many DreamFactory-powered applications, developers often require a higher degree of security through user-specific authentication. In some cases Basic HTTP authentication will get the job done; however, many enterprises require more sophisticated and flexible approaches, largely because of the growing adoption of Single Sign-On (SSO) solutions such as Active Directory and LDAP, and the use of third-party identity providers such as AWS Cognito, Auth0, and Okta.

You’ll be pleased to know DreamFactory supports all of these options through a comprehensive set of authentication connectors. These connectors include Active Directory, LDAP, OAuth through well-known identity providers such as Facebook, GitHub, and Twitter, OpenID Connect, and SAML 2.0. In this chapter we’ll walk you through all of the different authentication integration options at your disposal!

Authentication Fundamentals

All DreamFactory APIs are private by default, requiring at minimum an API key for authentication purposes. The API key is associated with a role-based access control (RBAC) definition which determines what actions the client supplying the API key can undertake with regard to the API. For instance, it’s possible to create a read-only RBAC which ensures the client can’t reach the API’s insertion, modification, or deletion endpoints if they exist. If you’re interested in protecting a database-backed API, you could limit access to a specific table, view, or stored procedure.

Further, DreamFactory supports both anonymous and user-based authentication. The former involves supplying solely an API key, meaning DreamFactory won’t possess any additional information regarding the user responsible for issuing API calls through the client. However, in many cases you’ll want to identify the connecting user by requiring authentication via an authentication provider such as Active Directory, LDAP, or Okta. In fact, DreamFactory supports these providers and more, including OAuth (with support for providers such as Facebook and GitHub).

Regardless of whether the desired authentication approach is anonymous or user-based, you’ll always supply an API key. This API key is passed along with the request via the X-DreamFactory-Api-Key header. DreamFactory will confirm the key exists (all API keys are listed under the administration console’s Apps tab), and then review the associated RBAC to confirm the request method and URI are permissible according to the RBAC definition.

When user-based authentication is used, DreamFactory will additionally expect a JSON Web Token (JWT) to be passed along via the X-DreamFactory-Session-Token header. This JWT is generated by DreamFactory following a successful authentication against the authentication service provider. The following diagram outlines the authentication flow when using a third-party authentication provider such as Active Directory:

Once successfully authenticated, DreamFactory will generate the JWT and return it to the client. This JWT should then be submitted along with each subsequent request. DreamFactory will check the token’s validity and signature, examine the associated user’s assigned RBAC (role-based access controls can be assigned on a per-user basis via the user’s Roles tab), and if everything checks out the API call will be processed.

Authenticating with Basic HTTP Authentication

With Basic HTTP authentication the user’s credentials are sent in the Authorization header of each request, as in the following request against a MySQL-backed API:

GET /api/v2/mysql/_table/employees HTTP/1.1
Authorization: Basic d2pAd2pnaWxtb3JlLmNvbTpqYXNvbjEyMw==
Accept: */*

The following diagram outlines this process:

Authenticating with Azure Active Directory OAuth

So now that all of the pieces to the puzzle are in place, what does the authentication workflow look like? Let’s walk through the entire process. You’ll add a script like this to your application in order to retrieve the JWT (defined within the session_token attribute) and subsequently pass that JWT along with future API requests.

For an OpenID service, to create the authentication link you’ll use this URL:

Of course you’ll need to replace YOUR_DREAMFACTORY_SERVER with your DreamFactory server’s domain name, and YOUR_SERVICE_NAME with the name of the OpenID service you created inside DreamFactory.
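The request flow described in this chapter, as an added example that is not code from the DreamFactory guide or the DreamFactory project: a small stand-in server applies the checks in the order the text gives (API key first, then the user’s identity via the JWT in X-DreamFactory-Session-Token or Basic credentials), and a client logs in, keeps the session_token, and sends it on later calls. The header names and the employees endpoint come from the page; the login route (POST /api/v2/user/session with an email/password JSON body), the response shape, the API key, credentials, and token value are constructed assumptions for the demo.

```python
import base64
import hmac
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

# Constructed sample values for the demo; none of these come from a real DreamFactory install.
API_KEY = "constructed-api-key-0123456789abcdef"
SESSION_TOKEN = "constructed.jwt.returned-by-dreamfactory"
USER_EMAIL = "user@example.com"
USER_PASSWORD = "example-password"
LOGIN_PATH = "/api/v2/user/session"  # assumed login route


def basic_auth_header(email, password):
    """Build the Authorization value for Basic HTTP authentication: base64(email:password)."""
    return "Basic " + base64.b64encode(f"{email}:{password}".encode()).decode()


def authorize(headers, path, body=b""):
    """Apply DreamFactory's checks in order: API key first, then the user's identity.

    Pure function returning (status, payload) so the policy can be tested without a socket.
    `headers` may be a dict or the handler's case-insensitive header object.
    """
    if not hmac.compare_digest(headers.get("X-DreamFactory-Api-Key", ""), API_KEY):
        return 401, {"error": "missing or unknown API key"}
    if path == LOGIN_PATH:
        creds = json.loads(body or b"{}")
        if creds.get("email") == USER_EMAIL and hmac.compare_digest(
                str(creds.get("password", "")), USER_PASSWORD):
            # Successful login: the client receives its JWT in session_token.
            return 200, {"session_token": SESSION_TOKEN, "email": USER_EMAIL}
        return 401, {"error": "invalid credentials"}
    # User-based call: accept the JWT header, or Basic credentials for the Basic HTTP option.
    token_ok = hmac.compare_digest(headers.get("X-DreamFactory-Session-Token", ""), SESSION_TOKEN)
    basic_ok = hmac.compare_digest(headers.get("Authorization", ""),
                                   basic_auth_header(USER_EMAIL, USER_PASSWORD))
    if not (token_ok or basic_ok):
        return 401, {"error": "missing or invalid session token"}
    return 200, {"resource": [{"id": 1, "name": "Example Employee"}]}


class FakeDreamFactory(BaseHTTPRequestHandler):
    """Stand-in for a DreamFactory instance that enforces authorize() over HTTP."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _respond(self, status, payload):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._respond(*authorize(self.headers, self.path))

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        self._respond(*authorize(self.headers, self.path, self.rfile.read(length)))


def call(method, url, headers, body=None):
    """Issue one request and return (status, decoded JSON), including for 4xx responses."""
    req = request.Request(url, data=body, headers=headers, method=method)
    try:
        with request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except error.HTTPError as exc:
        return exc.code, json.loads(exc.read())


def login(base_url, api_key, email, password):
    """Step 1: exchange the user's credentials for the JWT carried in session_token."""
    status, body = call("POST", base_url + LOGIN_PATH,
                        {"X-DreamFactory-Api-Key": api_key, "Content-Type": "application/json"},
                        json.dumps({"email": email, "password": password}).encode())
    if status != 200:
        raise PermissionError(body)
    return body["session_token"]


def fetch_employees(base_url, api_key, session_token=None, basic=None):
    """Step 2: every later call carries the API key plus the user's JWT (or Basic credentials)."""
    headers = {"X-DreamFactory-Api-Key": api_key}
    if session_token:
        headers["X-DreamFactory-Session-Token"] = session_token
    if basic:
        headers["Authorization"] = basic
    return call("GET", base_url + "/api/v2/mysql/_table/employees", headers)


def demo():
    """Run the stand-in on a random localhost port and return the four calls' status codes."""
    srv = HTTPServer(("127.0.0.1", 0), FakeDreamFactory)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    try:
        token = login(base, API_KEY, USER_EMAIL, USER_PASSWORD)
        with_jwt, _ = fetch_employees(base, API_KEY, session_token=token)
        with_basic, _ = fetch_employees(base, API_KEY, basic=basic_auth_header(USER_EMAIL, USER_PASSWORD))
        no_identity, _ = fetch_employees(base, API_KEY)          # key alone is not enough for a user-based call
        bad_key, _ = fetch_employees(base, "wrong-key", session_token=token)  # rejected before the JWT is looked at
        return with_jwt, with_basic, no_identity, bad_key
    finally:
        srv.shutdown()
        srv.server_close()
```

Calling demo() yields (200, 200, 401, 401): the JWT and the Basic header each satisfy the user check, the API key on its own is rejected, and an unknown API key is rejected before the token is examined, which matches the order of checks the chapter describes. Comparisons use hmac.compare_digest so the stand-in does not leak key or token bytes through timing.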
