User Authentication And Authorization
It's not fair that anyone can update your TO-DO list, so we need to secure the application with some mechanism.
Predix offers UAA (User Account and Authentication) as a service out of the box.
Check out this service by typing
cf marketplace -s predix-uaa
Long story short:
- The Resource here is the entity being protected (the to-do list).
- The User's (Resource Owner's) identity belongs to some bigger ecosystem, e.g. a company SSO, Facebook, Google, Twitter, Yahoo, etc.
- todo-server is the Resource Server. It operates on the Resource.
- todo-client is the Client that wants to access the to-do list belonging to a particular Owner/User.
What we want to accomplish
- Create Predix UAA Instance
- Talking to UAA Instance
- Registering Client
- Create Dummy Users
- Getting Token For A User
PS: this part varies from project to project. The ground rules for this one:
- Client side gets the token from UAA
- Server side validates the token with UAA
- Server never creates a token
- Server never gets its hands on the User credentials (which would be possible with grant_type password, but I vote against it)
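The roles and ground rules above, as an added example that is not Predix's or this tutorial's own code: a Python model in which UAA, todo-client and todo-server are plain objects. It simplifies deliberately: UAA is called in-process instead of over HTTPS, the token is HMAC-signed JSON instead of UAA's RSA-signed JWT, and the claim names (client_id, user_name, scope, exp) and the check_token introspection mirror UAA's; the client id, secret, scopes and the user "alice" are constructed.

```python
import base64, hashlib, hmac, json, secrets, time

def _h(pw):                      # UAA stores a password verifier, never the password
    return hashlib.sha256(pw.encode()).hexdigest()

class UAA:
    """Authorization server: the only party that ever mints a token."""
    def __init__(self):
        self.key = secrets.token_bytes(32)      # signing key never leaves UAA
        self.clients, self.users, self.codes = {}, {}, {}
    def register_client(self, cid, secret, scopes):
        self.clients[cid] = (secret, sorted(scopes))
    def create_user(self, name, password):
        self.users[name] = _h(password)
    def authorize(self, cid, name, password):
        """Login happens on UAA's page, so todo-client never sees the password."""
        if cid not in self.clients or self.users.get(name) != _h(password):
            raise PermissionError("bad client or credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (cid, name)
        return code
    def token(self, cid, secret, code):
        """authorization_code grant: one-time code + client secret -> access token."""
        if self.clients.get(cid, ("",))[0] != secret or self.codes.get(code, ("",))[0] != cid:
            raise PermissionError("bad client secret or code")
        _, name = self.codes.pop(code)          # the code is single-use
        claims = {"client_id": cid, "user_name": name, "scope": self.clients[cid][1],
                  "exp": int(time.time()) + 600}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return body + "." + hmac.new(self.key, body.encode(), "sha256").hexdigest()
    def check_token(self, token):
        """Introspection for resource servers: returns the claims or raises."""
        body, _, sig = token.rpartition(".")
        if not hmac.compare_digest(sig, hmac.new(self.key, body.encode(), "sha256").hexdigest()):
            raise PermissionError("invalid signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["exp"] < time.time():
            raise PermissionError("token expired")
        return claims

class TodoServer:
    """Resource server: asks UAA about every token and never creates one."""
    def __init__(self, uaa):
        self.uaa, self.lists = uaa, {}
    def add_item(self, token, owner, item):
        claims = self.uaa.check_token(token)    # validate with UAA, not locally
        if claims["user_name"] != owner or "todo.write" not in claims["scope"]:
            raise PermissionError("token may not update this list")
        self.lists.setdefault(owner, []).append(item)
        return list(self.lists[owner])
```

A run looks like: register "todo-client" with scopes todo.read and todo.write, create user "alice", have alice log in via `authorize`, redeem the code with `token`, then call `TodoServer.add_item`; a tampered token, a reused code or a token for a different owner is refused.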