Authentication Grant
An Object
An Authentication Grant provides a way for you to generate alternate credentials for authenticating as a user to a platform. These alternate credentials consist of a key and a secret (much like a client's key and secret). You can use this key and secret in the same places where you might otherwise use a username and password.
Why would you want to use an Authentication Grant? Here are a few reasons:
- Authentication Grants provide a way for you to distribute user authentication credentials without actually having to give out the usernames and passwords of your users.
- Authentication Grants are constrained to specific users AND specific clients. Thus, if someone hacks around and manages to figure out your Authentication Grant's key and secret, they are still constrained to only accessing a single platform as a single client and user.
- If your Authentication Grant's key and secret are compromised (i.e. someone hacked around, figured out what the key/secret is and started trying to do malicious things), you can disable the Authentication Grant. This doesn't affect the user or the client. But the Authentication Grant is shut down. Booyah.
Authentication Grants are also configurable so that you can enhance and control their security characteristics.
For example, by chaining to a specific client, you can specify exactly which OAuth2 Authorization Flows an Authentication Grant can participate in (by tightening security around the client). In this way, you could do things like limit access to only those who authorize using the full "authorization code" OAuth2 Flow (which is the most secure, in our view, of all flows).
Or, you might opt to allow for reduced security for certain grants that you know are being used by trusted domains. Authentication Grants can be configured for Open Driver authentication, which is a variant of the OAuth2 "password" Flow intended for JavaScript/HTML5 applications.
Parent
This Authentication Grant is contained within a Platform.
Properties
The following properties are available:
Property | Type | Default | Read-Only | Description |
---|---|---|---|---|
_doc | string | | No | The primary ID |
_system | object | | No | Metadata maintained by the system |
allowOpenDriverAuthentication | boolean | | No | |
clientId | string | | No | |
enabled | boolean | | No | |
key | string | | No | |
principalDomainId | string | | No | |
principalId | string | | No | |
secret | string | | No | |
Schema
```json
{
    "type": "object",
    "extends": "document",
    "description": "Authentication Grant",
    "container": "platform",
    "properties": {
        "key": {
            "type": "string"
        },
        "secret": {
            "type": "string"
        },
        "principalDomainId": {
            "type": "string"
        },
        "principalId": {
            "type": "string"
        },
        "clientId": {
            "type": "string"
        },
        "allowOpenDriverAuthentication": {
            "type": "boolean"
        },
        "enabled": {
            "type": "boolean"
        },
        "_doc": null,
        "_system": null
    },
    "id": "authgrant"
}
```
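
The following is an added example, not part of the original documentation or the platform's own code: a review pass over exported Authentication Grant documents that checks the field types from the schema above and flags enabled grants that are not tied to a client and user, or that allow Open Driver authentication for a client you have not approved. The function name `auditGrants`, the `trustedClientIds` allow-list, and all sample values are assumptions constructed for illustration.

```javascript
const STRING_FIELDS = ["key", "secret", "principalDomainId", "principalId", "clientId"];
const BOOLEAN_FIELDS = ["allowOpenDriverAuthentication", "enabled"];

// trustedClientIds is an assumption: a Set of client IDs you have approved
// for Open Driver authentication (the "trusted domains" case in the text).
function auditGrants(grants, trustedClientIds) {
  const findings = [];
  const report = (grant, issue) =>
    findings.push({ grant: grant._doc || "(no _doc)", issue }); // never echo key or secret

  for (const grant of grants) {
    // Type checks taken from the schema on this page.
    for (const f of STRING_FIELDS) {
      if (f in grant && typeof grant[f] !== "string") report(grant, `${f}: expected string`);
    }
    for (const f of BOOLEAN_FIELDS) {
      if (f in grant && typeof grant[f] !== "boolean") report(grant, `${f}: expected boolean`);
    }
    if (grant.enabled === false) continue; // explicitly disabled grants need no further review

    // A grant is meant to be constrained to one client and one user.
    for (const f of ["clientId", "principalDomainId", "principalId"]) {
      if (!grant[f]) report(grant, `${f}: missing on an enabled grant`);
    }
    // Open Driver authentication is the reduced-security option.
    if (grant.allowOpenDriverAuthentication === true && !trustedClientIds.has(grant.clientId)) {
      report(grant, "Open Driver authentication enabled for an unapproved client");
    }
  }
  return findings;
}

// Constructed sample documents; none of these values come from a real platform.
const SAMPLE_GRANTS = [
  { _doc: "grant-1", key: "constructed-key-1", secret: "constructed-secret-1", principalDomainId: "d1",
    principalId: "u1", clientId: "client-web", allowOpenDriverAuthentication: true, enabled: true },
  { _doc: "grant-2", key: "constructed-key-2", secret: "constructed-secret-2", principalDomainId: "d1",
    principalId: "u2", clientId: "client-batch", allowOpenDriverAuthentication: true, enabled: true },
  { _doc: "grant-3", key: "constructed-key-3", secret: "constructed-secret-3", principalDomainId: "d1",
    principalId: "u3", clientId: "client-batch", allowOpenDriverAuthentication: true, enabled: false },
  { _doc: "grant-4", key: "constructed-key-4", secret: "constructed-secret-4", principalDomainId: "d1",
    clientId: "client-web", allowOpenDriverAuthentication: "yes", enabled: true },
];
console.log(auditGrants(SAMPLE_GRANTS, new Set(["client-web"])));
```

Grants that are explicitly disabled are skipped after the type checks, while a grant with no `enabled` property is reviewed as if it were active, since the page does not state a default.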