An Expert Guide to Using Digital Platforms

Authentication Provided by an Identity Provider for an API

A modern Digital Platform API typically uses the industry standards OAuth and OpenID Connect to allow clients to authenticate to the API. This functionality is typically provided by a third-party Identity Provider system such as Okta, Auth0, Microsoft Azure Active Directory, etc.

With OAuth, when the user tries to access a protected resource (such as the order above), they must provide a “bearer token” which was issued by the Identity Provider to authenticate their identity. If the user does not provide a valid token, then the user will be prompted to log on to the Identity Provider to obtain a token.

Tokens

Tokens are typically provided as JSON Web Tokens (JWTs). Once decoded, the payload of a token looks something like this:

{
  "ver": 1,
  "jti": "AB.j5d093ynt095y4nt45uth409gn4mh59",
  "iss": "https://okta.somewhere.com/oauth2/8947dh63487326hx8",
  "aud": "p349tcu4ogjmpgeo",
  "iat": 1561553243,
  "exp": 1561556843,
  "cid": "uictnp9cny3t9",
  "uid": "ciu3tm958mct089",
  "scp": [
    "openid",
    "profile"
  ],
  "sub": "[email protected]"
}

This JWT carries a number of claims, including the following:

  • Issuer: okta.somewhere.com (the Identity Provider that issued this token)
  • Expires: the date and time (as a UNIX epoch) when this token expires
  • Audience: The application that this token authorises access to
  • And more…

Providers

OAuth and OpenID Connect are very widely implemented by identity providers such as Okta, Auth0, Microsoft Azure Active Directory, Twitter (who invented it), Facebook, Google and many, many more. Next, we look at implementing with the help of Microsoft Azure API Management!


Nick McKenna