Platform

2 mins read

OAuth Authorization Servers

Utilize OAuth authorization servers to authenticate resource owners and issue access tokens to authorized applications.

Cloudentity comes with an OAuth authorization server built-in to every workspace. This means that you can easily set up a secure, scalable authorization server with just a few clicks.

You can spin up as many workspaces as you wish and each of them will have its own authorization server instance. Depending on the workspace profile you choose, the authorization server can comply, for example, with a specific Open Banking specification out-of-the-box. This provides greater flexibility and allows you to easily manage access to your resources across multiple services and applications. Additionally, Cloudentity supports many OAuth and OIDC Open Standards and is certified in different conformance profiles so you can easily adjust the authorization server’s configuration to match your business requirements.

sequenceDiagram autoNumber participant User participant Client application participant Authorization server participant Resource server (API) activate User User->>Client application: Access activate Client application activate Authorization server Client application->>Authorization server: Request authorization deactivate Client application Authorization server->>User: Display consent User->>Authorization server: Give consent deactivate User Authorization server->>Client application: Issue authorization code activate Client application Client application->>Authorization server: Request token Authorization server->>Authorization server: Validate the request Authorization server->>Client application: Return token deactivate Authorization server Client application->>Resource server (API): Call API with token activate Resource server (API) Resource server (API)->>Client application: Return data deactivate Resource server (API) deactivate Client application

Next Steps

Create OAuth Authorization Server
Add Applications for user authentication or to enable your software to access protected resources.
Add M2M Clients for calling APIs in a machine to machine environments.
Configure Authorization Flows (Grant Types) and OAuth extensions that the authorization server allows connected client applications to use.
Define which client authentication methods client applications can use.
Enable OAuth Dynamic Client Registration to allow client applications to obtain the necessary credentials and configuration information from the authorization server in order to authenticate users and access resources.
Configure tokens minted by the authorization server and issued to authorized and authenticated client applications.
Configure the consent screen displayed to users in the process when a user grants permission for a client application to access their resources on an OAuth authorization server.
Configure access control (authorization) settings for the authorization server. (also workspace) to, for example, assign access policies that validate user attributes before minting an access token.
Set up authentication context to create a common schema that will be used to represent the user data from different identity sources. This schema could include fields for the user’s unique identifier, username, password, email address, and any other relevant information.

Updated: Aug 10, 2023