User Authentication And Authorization
It's not fair that anyone can update your TO-DO list, so we need to secure our application with some mechanism.
Predix offers UAA as a service out of the box.
Check out this service by typing cf marketplace -s predix-uaa
This service is inspired by Cloudfoundry/UAA; see the API documentation here.
If you are not sure how OAuth2 / SAML work, check out some of the references given below.
Long story short:
- Resource here is the entity: the to-do
- The User's (Resource Owner) identity belongs to some bigger ecosystem, e.g. company SSO, Facebook, Google, Twitter, Yahoo, etc.
- todo-server is the Resource Server; it operates on the Resource.
- todo-client is the Client that wants to access the to-do list belonging to a particular Owner/User.
What we want to accomplish
- Create Predix UAA Instance
- Talking to UAA Instance
- Registering Client
- Create Dummy Users
- Getting Token For A User
Design Guidelines
PS: this varies from project to project.
- Client side gets the token from UAA
- Server side validates the token with UAA
- Server never creates a token
- Server never gets its hands on the User credentials (which would be possible with grant_type password, but I vote against it)
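The roles above (client, resource server, authorization server) and the design guidelines translate into one asymmetry: only UAA mints tokens, and todo-server only verifies them. The following is an added example, not code from the original post or from Predix/UAA. mint_token() is a stand-in for UAA's token endpoint so the example runs offline; validate_bearer() is the per-request check a todo-server would do. It assumes an HS256 shared secret (Predix UAA signs with RSA and publishes the public key on its token_key endpoint; the structure of the check is the same, only the signature primitive differs) and made-up audience and scope names "todo", "todo.read" and "todo.write".

```python
# Added example (not from the original post): token issuance stands in for UAA,
# validation is what todo-server does. HS256 and the names below are assumptions.
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret standing in for the UAA signing key.
SIGNING_SECRET = b"demo-signing-secret-not-for-production"
RESOURCE_ID = "todo"  # audience todo-server expects in the token (assumed name)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject: str, scopes, ttl: int = 3600, now=None) -> str:
    """Stand-in for UAA's /oauth/token. Only the authorization server ever does this;
    todo-server must not carry a copy of this function."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "aud": [RESOURCE_ID], "scope": list(scopes),
              "iat": now, "exp": now + ttl}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenError(Exception):
    """Raised by the resource server for any token it will not accept."""


def validate_bearer(authorization_header: str, required_scope: str, now=None) -> dict:
    """What todo-server does per request: verify the token, never issue one.
    Checks scheme, alg, signature, expiry, audience and scope; returns the claims."""
    now = int(time.time()) if now is None else now
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        raise TokenError("missing bearer token")
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, claims_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must never be allowed to choose "none" or another alg.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(SIGNING_SECRET, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    # Signature is checked before the claims are trusted at all.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("exp", 0) <= now:
        raise TokenError("token expired")
    aud = claims.get("aud", [])
    if RESOURCE_ID not in ([aud] if isinstance(aud, str) else aud):
        raise TokenError("token not intended for this resource server")
    if required_scope not in claims.get("scope", []):
        raise TokenError(f"missing scope {required_scope}")
    return claims


def is_valid(authorization_header: str, required_scope: str, now=None) -> bool:
    """Convenience wrapper: True if todo-server would accept the request."""
    try:
        validate_bearer(authorization_header, required_scope, now)
        return True
    except TokenError:
        return False


if __name__ == "__main__":
    # todo-client obtains a token from the "authorization server" ...
    token = mint_token("alice", ["todo.read"])
    # ... and presents it to todo-server, which only verifies it.
    print(validate_bearer("Bearer " + token, "todo.read"))
    print(is_valid("Bearer " + token, "todo.write"))  # False: scope not granted
```

Note that todo-server holds only what it needs to verify (here the shared secret; with UAA, the public key), never a user password and never the ability to mint a token, which is exactly the separation the guidelines ask for. The alg check runs before the signature check so a token cannot downgrade the verification it receives.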