Authentication Provided By An Identity Provider For An API

Digital Platform Part 7 Of 10

A modern Digital Platform API typically uses the industry standards OAuth and OpenID Connect to allow clients to authenticate to the API. This functionality is typically provided by a third-party Identity Provider system such as Okta, Auth0 or Microsoft Azure Active Directory.

With OAuth, when the user tries to access a protected resource (such as the order above), they must present a "bearer token", issued by the Identity Provider, to prove their identity. If the user does not provide a valid token, they are prompted to log on to the Identity Provider to obtain one.

Tokens

Tokens are typically provided as JSON Web Tokens (JWTs). Decoded, the payload of one looks something like this:

{
  "ver": 1,
  "jti": "AB.j5d093ynt095y4nt45uth409gn4mh59",
  "iss": "https://okta.somewhere.com/oauth2/8947dh63487326hx8",
  "aud": "p349tcu4ogjmpgeo",
  "iat": 1561553243,
  "exp": 1561556843,
  "cid": "uictnp9cny3t9",
  "uid": "ciu3tm958mct089",
  "scp": [
    "openid",
    "profile"
  ],
  "sub": "someone@somdomain.com"
}

This JWT carries claims including the following:

  • Issuer: okta.somewhere.com (the Identity Provider that issued this token)
  • Expires: the date and time (as a UNIX epoch) when this token expires
  • Audience: The application that this token authorises access to
  • And more…

Providers

OAuth and OpenID Connect are very widely implemented by identity providers such as Okta, Auth0, Microsoft Azure Active Directory, Twitter (who invented it), Facebook, Google and many, many more.

Next, we look at implementing with the help of Microsoft Azure API Management!


Nick McKenna