Authentication Provided By An Identity Provider For An API
Digital Platform Part 7 Of 10
A modern Digital Platform API typically uses the industry standards OAuth and OpenID Connect to allow clients to authenticate to the API. This functionality is typically provided by a third-party Identity Provider system such as Okta, Auth0, Microsoft Azure Active Directory etc.
With OAuth, when the user tries to access a protected resource (such as the order above), they must provide a “bearer token” which was issued by the Identity Provider to authenticate their identity. If the user does not provide a valid token, then the user will be prompted to log on to the Identity Provider to obtain a token.
Tokens are typically provided as JSON Web Tokens and they look something like this:
This JWT identifies information including the following:
- Issuer: okta.somewhere.com (the Identity Provider that issued this token)
- Expires: the date and time (as a UNIX epoch) when this token expires
- Audience: The application that this token authorises access to
- And more…
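The following is an added example, not code from the original post or from McKenna Consultants, showing what an API does with such a token before trusting it: pull the bearer token out of the `Authorization` header, decode the three base64url segments, verify the signature, and then check the Issuer, Audience and Expires claims listed above. The issuer `https://okta.somewhere.com`, the audience `api://digital-platform` and the shared secret are constructed stand-ins. The token is signed with HS256 purely so the example runs stand-alone on the standard library; a real Identity Provider such as Okta signs with an RSA key (RS256) published at a JWKS endpoint, and the signature step would use that public key instead.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for this example only (not from the original post).
ISSUER = "https://okta.somewhere.com"       # stand-in for the issuer in the post
AUDIENCE = "api://digital-platform"         # constructed audience identifier
SECRET = b"constructed-demo-secret-do-not-reuse"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def extract_bearer(authorization_header: Optional[str]) -> Optional[str]:
    """Return the token from 'Authorization: Bearer <token>', or None if absent."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.strip().partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return token.strip()


def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build a compact JWT (header.payload.signature) signed with HS256.

    Stands in for the Identity Provider's issuing step so that the
    validation below has a realistic input to work on."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def validate_token(token: str, now: Optional[int] = None,
                   secret: bytes = SECRET) -> dict:
    """Validate a bearer token the way an API (or gateway) should before trusting it.

    Order: structure, algorithm, signature, issuer, audience, expiry.
    Raises ValueError on any failure; returns the verified claims on success."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected 3 dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts

    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must not get to choose how it is verified.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")

    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature verification failed")

    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError(f"untrusted issuer {claims.get('iss')!r}")
    # 'aud' may be a single string or a list of strings (RFC 7519).
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if AUDIENCE not in audiences:
        raise ValueError("token not intended for this API (aud mismatch)")
    if "exp" not in claims or now >= int(claims["exp"]):
        raise ValueError("token expired or missing exp")
    return claims


if __name__ == "__main__":
    # Constructed request: a token minted 'by the Identity Provider' for our API.
    issued = mint_token({"iss": ISSUER, "aud": AUDIENCE,
                         "sub": "user@example.com", "exp": int(time.time()) + 300})
    token = extract_bearer(f"Authorization: Bearer {issued}".split(": ", 1)[1])
    print("verified subject:", validate_token(token)["sub"])
```

The checks are ordered so that the cheapest rejection happens first and the claims are only read after the signature has been verified; reading `iss` or `exp` from an unverified payload tells you nothing, since anyone can encode those fields.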
Next, we look at implementing this with the help of Microsoft Azure API Management!
If you have any questions for our specialists at Mckenna Consultants please feel free to contact us.