Authentication

Simon Redfern edited this page Jun 26, 2018 · 10 revisions

Open Bank Project supports four modes of authentication.

1) OAuth 1.0a using OBP OAuth1.0a

OAuth 1.0a is a protocol which OBP implements in its server.

This is the default mode of authentication. OBP includes an implementation of OAuth1.0a in Scala.

OBP Apps such as API Explorer, API Manager, Sofit and API Tester are all OAuth1.0a Apps.

For more information, see OAuth client / SDKS and OAuth 1.0a Server and OAuth illustration

2) OAuth 2 + Open ID connect using an external server

OAuth 2 is a framework which Open ID connect builds upon.

OBP API supports OAuth2 + Open ID Connect using an external server such as Mitreid the source code of which is here.

3) Direct Login.

Direct Login is a protocol for use in innovation and trusted environments.

Step 1: User credentials and a consumer key are exchanged for a JWToken.

Step 2: Protected calls to the OBP API are made using the JWT in the header.

Step 3: OBP-API reads the token, extracts the User and responds appropriately.

OBP API Tester supports this mode of Authentication.

For more information see: https://github.com/OpenBankProject/OBP-API/wiki/Direct-Login

4) Gateway Login

Gateway Login is a protocol for use when OBP-API operates behind a Gateway.

Step 1: The Gateway performs authenticaiton using any means and builds a JWT containing username and consumer information.

Step 2: The Gateway forwards resource requests to OBP-API with the addition of the JWT in the header.

Step 3: OBP-API validates the JWT, extracts the User and makes calls to the CBS on behalf of that user. OBP generates a JWT and includes that in the custom response header which the Gateway can use in subsequent calls.

OBP API Tester supports this mode of Authentication.

For more information see https://github.com/OpenBankProject/OBP-API/wiki/Gateway-Login

In short, if a server side application has authenticated the User and is trusted by OBP-API, it may use Gateway Login to obtain resources and call services on behalf of the User.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.