Authentication Introduction

In order for a third-party application to make requests to the Konexus Platform API, it must obtain a short-lived access token from the Konexus Authorization Server using the OAuth 2.0 Client Credentials grant.

OAuth 2.0 Client Credentials

The OAuth 2.0 client credentials grant flow permits an application or web service (confidential client) to use its own credentials to authenticate when calling another web service. This is known as machine-to-machine authentication. This grant type is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user. Applications of this kind are often referred to as daemons or service accounts.

Warning

The client credentials grant type MUST only be used by confidential clients. Never use the client credentials flow when your client secret is exposed to end users or the browser.

In the client credentials flow, permissions are granted directly to the application itself by an association to a user. When the app presents a token to a resource, the resource enforces that the app itself has authorization to perform an action, since there is no user involved in the authentication.

sequenceDiagram;
  participant C as Client Application
  participant A as Authorization Server
  participant R as Resource Server (Konexus Platform API)

  C ->>+ A: 1. Request access token with ClientId + Secret
  A ->> A: Validate Application Credentials
  A ->>- C: 2. Respond with Access Token
  C ->>+ C: Validate Access Token
  C ->>- R: 4. API Request with access token
  R ->> R: 4. Resource Server Validates Access Token
  R ->> C: 5. Response

Retrieve OpenID Configuration Information

The Konexus Authorization Server is available at https://auth.alertsense.com. The authorization and token endpoints can be obtained by making a request to the well-known OpenID configuration endpoint.

GET - https://auth.alertsense.com/.well-known/openid-configuration

{
  "issuer": "https://auth.alertsense.com",
  // ...
  "authorization_endpoint": "https://auth.alertsense.com/connect/authorize",
  "token_endpoint": "https://auth.alertsense.com/connect/token",
  // ...
}

The token_endpoint will be used in the next step of authenticating your application.
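The following is an added example, not Konexus code: it checks the discovery document before trusting its token_endpoint, so the client secret is only ever sent over HTTPS to the issuer's own host, and then prepares (without sending) the client credentials request. The function names, the same-host policy, the use of HTTP Basic client authentication, and the client id and secret values are assumptions made for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

ISSUER = "https://auth.alertsense.com"  # issuer value given on the page

def fetch_discovery(issuer=ISSUER, timeout=10):
    """GET the well-known document (network call, not exercised by the sample)."""
    url = issuer.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def token_endpoint_from(doc, issuer=ISSUER):
    """Return token_endpoint only if the document is consistent with the issuer."""
    if doc.get("issuer") != issuer:
        raise ValueError("issuer mismatch: %r" % (doc.get("issuer"),))
    endpoint = doc.get("token_endpoint")
    if not isinstance(endpoint, str):
        raise ValueError("token_endpoint missing")
    ep, iss = urllib.parse.urlsplit(endpoint), urllib.parse.urlsplit(issuer)
    if ep.scheme != "https":
        raise ValueError("token_endpoint is not https")
    # Local policy (assumption): the secret is only sent to the issuer's host.
    if (ep.hostname, ep.port) != (iss.hostname, iss.port):
        raise ValueError("token_endpoint host differs from issuer")
    return endpoint

def build_token_request(endpoint, client_id, client_secret):
    """Prepare the client credentials POST; HTTP Basic auth is an assumption."""
    quoted = [urllib.parse.quote_plus(v) for v in (client_id, client_secret)]
    basic = base64.b64encode(":".join(quoted).encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")

# Constructed sample: only the fields shown on the page, elided ones left out.
SAMPLE = {"issuer": "https://auth.alertsense.com",
          "authorization_endpoint": "https://auth.alertsense.com/connect/authorize",
          "token_endpoint": "https://auth.alertsense.com/connect/token"}

if __name__ == "__main__":
    req = build_token_request(token_endpoint_from(SAMPLE), "example-client", "example-secret")
    print(req.get_method(), req.full_url)
```

In real use, pass the result of fetch_discovery() to token_endpoint_from() in place of SAMPLE, and load the client secret from server-side secret storage rather than source code.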

What's next?

Next: Retrieving and Validating an Access Token