
Scenario – Client app talking to a CRM cloud service which needs to authenticate the user behind the app. OAuth 2.0 will serve as the authentication protocol for this scenario. The client app will acquire an authentication token from the Security Token Service (STS), which will be passed to the CRM Server as proof of authentication.

Security Token Service (STS) – service issuing authentication tokens meant to be consumed by Server Applications based on some “proofs” presented by the requesting Client Application. The OAuth 2.0 standard refers to it as the Authorization Server, but the semantics are the same. The OAuth 2.0 authorization service exposes 2 endpoints:
Authorization Endpoint – performs user authentication and consent in browser context.
Token Endpoint – token issuance endpoint.
Client – application requesting an authorization token on the user's behalf.
Client ID – an identifier unique within the STS realm representing the Client App.
Resource Server (CRM Server) – application consuming the authentication token. Optionally authenticates the client application.
Resource Server Protocol – protocol between client and server app. The protocol must provide provision for transporting the authentication token.
Bearer Token – token that can be used without additional proof. Tokens discussed in this document are of this type.

Authentication Process

Apps discussed in this doc use HTTP as transport and HTTP headers to carry the protocol authentication payload. The authentication process involves the client app acquiring a token from the STS and sending it to the CRM Server over SSL. Authentication tokens are carried to the CRM Server in a well-defined transport protocol element. As described in the document above, the authentication token is carried in the Authorization HTTP header:

The mechanism is described in the OAuth bearer token specification:

The security token sent over authenticates the user and optionally the client app to the CRM Server. The CRM Server will crack open the token, check its integrity, verify the signing identity and authorize the identities carried in the token against the resource authorization policy.

If the client request does not carry an authentication token or token validation fails, the server MUST respond with an authentication challenge as described in the bearer doc:

WWW-Authenticate: Bearer redirect_uri=, Params=

(Figure: Client App – CRM Server exchange)

The flow starts with the client initiating a connection to the CRM Server. In the absence of previous communication and cached data the client does an HTTP GET request without providing Authorization data. The response contains a challenge as described earlier:

WWW-Authenticate: Bearer redirect_uri=

For the CRM Server discussed in this section an example challenge can be:

Where redirect_uri is a string identifying one of the STS instances the client application trusts.
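The resource-server side of the process above, as an added example that is not part of this document or of any CRM product: a handler that extracts the bearer token from the Authorization header, checks its integrity and signing identity against the trusted STS list, authorizes the carried identity against a resource policy, and otherwise answers with the redirect_uri challenge. The document does not fix a token format, so an HMAC-signed JSON payload, the STS name, the signing key and the policy are all constructed assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed: the STS instances this CRM Server trusts, keyed by issuer, with their signing keys.
TRUSTED_STS = {"https://sts.example.test": b"sts-signing-key-for-demo-only"}
# Constructed resource authorization policy: which subjects may use which scope.
CRM_POLICY = {"contacts:read": {"alice"}}

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def validate_token(token):
    """Crack open the token, check integrity and signing identity, return claims or None."""
    try:
        body_b64, sig_b64 = token.split(".")
        claims = json.loads(_b64d(body_b64))
        key = TRUSTED_STS[claims["iss"]]          # signer must be a trusted STS instance
    except (ValueError, KeyError):
        return None
    expected = hmac.new(key, body_b64.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(sig_b64)):
        return None                                # integrity check failed
    if claims.get("exp", 0) < time.time():
        return None                                # token no longer valid
    return claims

def challenge(redirect_uri):
    """Bearer challenge the CRM Server returns when no valid token arrives."""
    return {"WWW-Authenticate": 'Bearer redirect_uri="%s"' % redirect_uri}

def handle_request(headers, scope, redirect_uri="https://sts.example.test"):
    """Return (status, response headers) for a request carrying the given headers."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, challenge(redirect_uri)        # no token: challenge the client
    claims = validate_token(token)
    if claims is None:
        return 401, challenge(redirect_uri)        # validation failed: challenge again
    if claims.get("sub") not in CRM_POLICY.get(scope, set()):
        return 403, {}                             # authenticated but not authorized
    return 200, {}

def issue_token(iss, sub, exp):
    """Stand-in for the STS token endpoint (constructed; not the real STS protocol)."""
    body = base64.urlsafe_b64encode(json.dumps({"iss": iss, "sub": sub, "exp": exp}).encode()).decode().rstrip("=")
    mac = hmac.new(TRUSTED_STS[iss], body.encode(), hashlib.sha256).digest()
    return body + "." + base64.urlsafe_b64encode(mac).decode().rstrip("=")
```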
