Nitish Sharma

Introduction

In this module of IgniteConnex Identity, we will be configuring an identity for a specific app. After configuring, we will create a custom endpoint in IgniteConnex flows and will secure the endpoint using IgniteConnex Identity.

The end goal is to add authentication and secure the API created in flows using IgniteConnex Identity.

Let's configure IgniteConnex Identity

You will be given access to the IgniteConnex Identity platform along with login credentials. Log in to your portal with those credentials. You will land on a page which looks like this:


  1. Let's create a new client

A client in Identity is just the web app.


Click Create, then enter the name of the client and the root URL for the client.


note

Copy this client name somewhere; you will need it later.

  2. Set the access type to confidential. We set it to confidential so that a client secret can be generated for the client.

  • Generate Client secret

note

Copy this secret somewhere safe; you will need it later.

  • Create a user. Enter the username, email, first name and last name to continue.


note

Copy this username somewhere; you will need it later.

  • Set a password for this user

note

Copy this password somewhere safe; you will need it later.

To protect an API:

We will be creating two endpoints:

  1. One that gives us the access token for the user.
  2. A protected API, which returns data only with a valid access token.

Let's create a basic endpoint to fetch user access token

  1. Open IgniteConnex Editor
  2. Create a new flow like the one shown below. Fill in the right details (all of them were copied to a safe place in the steps above).

We have created a POST method for getting a token. We will send the user credentials as JSON, as shown below, using Postman.


Here, Get token is used to retrieve the user's token, with which authentication can be performed.

Let's secure an API

  • Use the validate token connector at the start of the endpoint to secure an API.

  • This connector verifies the user's identity and whether the user has access to the resource. If so, the user gets the result; otherwise the output is unauthorized.

Create a request in Postman against the validate endpoint and pass the token in the request headers as "Bearer (token)". This validate API is now secured.
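One way to confirm that the validate step rejects bad requests as well as accepting good ones, as an added example that is not part of the original post or IgniteConnex's own code: it probes an endpoint with a missing, malformed, tampered and valid token. The local stub server, the /validate path, the sample token and the Authorization header name are assumptions standing in for your own flow.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

VALID_TOKEN = "constructed-sample-token"  # constructed value, known only to the stub
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars

class StubProtectedApi(BaseHTTPRequestHandler):
    """Hypothetical stand-in for the protected flow: 200 for a valid Bearer token, else 401."""
    def do_GET(self):
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        ok = scheme == "Bearer" and token == VALID_TOKEN
        self.send_response(200 if ok else 401)
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def status_for(url, auth_header=None):
    """HTTP status for one GET; the Authorization header name is an assumption."""
    headers = {} if auth_header is None else {"Authorization": auth_header}
    try:
        with OPENER.open(urllib.request.Request(url, headers=headers), timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_endpoint(url, token):
    """Probe the cases a secured endpoint must tell apart; only the last should succeed."""
    return {
        "no_header": status_for(url),
        "wrong_scheme": status_for(url, "Basic " + token),
        "token_without_scheme": status_for(url, token),
        "tampered_token": status_for(url, "Bearer " + token + "x"),
        "valid_token": status_for(url, "Bearer " + token),
    }

def run_against_stub():
    """Start the stub on a free local port and run the checks against it."""
    server = HTTPServer(("127.0.0.1", 0), StubProtectedApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_endpoint(f"http://127.0.0.1:{server.server_port}/validate", VALID_TOKEN)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_against_stub())
```

Against a real flow, call check_endpoint with your own endpoint URL and a token obtained from the get-token endpoint; every case except valid_token should come back rejected.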


Conclusion

We have finally created an API that is secured and backed by IgniteConnex Identity.