Authentication
Open Bank Project supports four modes of authentication.
1) OAuth 1.0a (implemented in OBP)
OAuth 1.0a is a protocol which OBP implements in its server.
This is the default mode of authentication. OBP includes an implementation of OAuth 1.0a in Scala.
OBP Apps such as API Explorer, API Manager and Sofit are all OAuth 1.0a Apps.
2) OAuth 2 + OpenID Connect using an external server (e.g. https://mitreid.org/)
OAuth 2 is a framework which OpenID Connect builds upon.
This mode is experimental and requires an external OAuth 2 + OpenID Connect server such as MITREid.
3) Direct Login
Direct Login is a protocol for use in innovation and trusted environments.
Step 1: User credentials and a consumer key are exchanged for a JWT.
Step 2: Protected calls to the OBP API are made using the JWT in the header.
Step 3: OBP-API reads the token, extracts the User and responds appropriately.
For more information see: https://github.com/OpenBankProject/OBP-API/wiki/Direct-Login
4) Gateway Login
Gateway Login is a protocol for use when OBP-API operates behind a Gateway.
Step 1: The Gateway performs authentication using any means and builds a JWT containing username and consumer information.
Step 2: The Gateway forwards resource requests to OBP-API with the addition of the JWT in the header.
Step 3: OBP-API validates the JWT, extracts the User and makes calls to the CBS on behalf of that user. OBP generates a JWT of its own and includes it in a custom response header which the Gateway can use in subsequent calls.
For more information see: https://github.com/OpenBankProject/OBP-API/wiki/Gateway-Login
In short, if a server side application has authenticated the User and is trusted by OBP-API, it may use Gateway Login to obtain resources and call services on behalf of the User.
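The following is an added example, not code from the OBP-API project, showing the token handling that Direct Login and Gateway Login both rest on: a trusted party mints a JWT carrying the username and consumer id, the API validates the signature and expiry before extracting the User, and (as the Gateway Login description states) answers with a JWT of its own in a custom response header. It uses a hand-rolled HS256 JWT on the Python standard library so it runs offline. The shared secret, the claim names `login_user_name` and `app_id`, the `Authorization: GatewayLogin token="..."` request header and the `GatewayLogin` response header are assumptions made for this example; the real names are documented on the wiki pages linked above.

```python
"""Added example: HS256 JWT mint/verify for a Gateway-Login-style flow (not OBP's own code)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret between the trusted Gateway and the API; not a real key.
SHARED_SECRET = b"constructed-gateway-shared-secret"

# Assumed header formats for this example (see lead-in); not taken from the OBP wiki.
AUTH_HEADER_PREFIX = 'GatewayLogin token="'
RESPONSE_JWT_HEADER = "GatewayLogin"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, secret: bytes) -> str:
    """Gateway side (Step 1): serialise the claims and sign them with HMAC-SHA256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_jwt(token: str, secret: bytes, now=None):
    """API side (Step 3): return the claims only if the token is well formed, carries an
    HS256 signature made with our shared secret, has not expired, and names both a user
    and a consumer. Any failure returns None; nothing in the token is trusted before then."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        return None
    # Pin the algorithm: the token's own "alg" field is attacker-controlled input.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    if not claims.get("login_user_name") or not claims.get("app_id"):
        return None
    return claims


def gateway_forward(username: str, app_id: str, secret: bytes, now=None, ttl: int = 300) -> dict:
    """Gateway side (Step 2): the headers the Gateway attaches when forwarding a request."""
    now = int(time.time()) if now is None else now
    claims = {"login_user_name": username, "app_id": app_id, "iat": now, "exp": now + ttl}
    return {"Authorization": AUTH_HEADER_PREFIX + mint_jwt(claims, secret) + '"'}


def obp_handle_request(headers: dict, secret: bytes, now=None) -> tuple:
    """API side (Step 3): validate the JWT, extract the User, answer on their behalf.
    Returns (status, body, response_headers)."""
    auth = headers.get("Authorization", "")
    if not (auth.startswith(AUTH_HEADER_PREFIX) and auth.endswith('"')):
        return 401, {"error": "missing or malformed GatewayLogin header"}, {}
    claims = verify_jwt(auth[len(AUTH_HEADER_PREFIX):-1], secret, now)
    if claims is None:
        return 401, {"error": "invalid or expired token"}, {}
    user, consumer = claims["login_user_name"], claims["app_id"]
    # The API answers with a fresh JWT of its own for the Gateway to reuse on later calls.
    now = int(time.time()) if now is None else now
    fresh = mint_jwt({"login_user_name": user, "app_id": consumer, "iat": now, "exp": now + 300}, secret)
    return 200, {"user": user, "consumer": consumer}, {RESPONSE_JWT_HEADER: fresh}


if __name__ == "__main__":
    request_headers = gateway_forward("alice", "app-42", SHARED_SECRET)
    status, body, response_headers = obp_handle_request(request_headers, SHARED_SECRET)
    print(status, body)
    print("fresh token valid:", verify_jwt(response_headers[RESPONSE_JWT_HEADER], SHARED_SECRET) is not None)
```

The two checks worth keeping in any real implementation are the pinned algorithm and the constant-time signature comparison: a verifier that honours whatever `alg` the token declares, or that compares signatures with `==`, validates nothing. Expiry is checked with an injectable clock so the behaviour is testable without sleeping.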