forked from wso2/docs-is
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request wso2#4590 from himeshsiriwardana/ana-minor-fixes
Made improvements to the app-native authentication docs
- Loading branch information
Showing
14 changed files
with
228 additions
and
211 deletions.
There are no files selected for viewing
2 changes: 1 addition & 1 deletion
2
...tication/add-app-native-authentication.md → ...tication/add-app-native-authentication.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| {% set api_base_path = "https://api.asgardeo.io/t/{organization_name}/oauth2/authorize/" %} | ||
| {% set api_example_base_path = "https://api.asgardeo.io/t/bifrost/oauth2/authorize/" %} | ||
|
|
||
| {% include "../../../../includes/guides/authentication/add-app-native-authentication.md" %} | ||
| {% include "../../../../../includes/guides/authentication/app-native-authentication/add-app-native-authentication.md" %} |
5 changes: 5 additions & 0 deletions
5
...hentication/app-native-authentication/configure-advanced-app-native-settings.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| {% set api_base_path = "https://api.asgardeo.io/t/{organization_name}/oauth2/authorize/" %} | ||
| {% set api_example_base_path = "https://api.asgardeo.io/t/bifrost/oauth2/authorize/" %} | ||
|
|
||
| {% include "../../../../../includes/guides/authentication/app-native-authentication/configure-advanced-app-native-settings.md" %} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
...tication/add-app-native-authentication.md → ...tication/add-app-native-authentication.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,3 @@ | ||
| {% set api_base_path = "https://localhost:9443/oauth2/authorize/" %} | ||
| {% set api_example_base_path = "https://localhost:9443/oauth2/authorize/" %} | ||
| {% include "../../../../../includes/guides/authentication/add-app-native-authentication.md" %} | ||
| {% include "../../../../../../includes/guides/authentication/app-native-authentication/add-app-native-authentication.md" %} |
3 changes: 3 additions & 0 deletions
3
...hentication/app-native-authentication/configure-advanced-app-native-settings.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| {% set api_base_path = "https://localhost:9443/oauth2/authorize/" %} | ||
| {% set api_example_base_path = "https://localhost:9443/oauth2/authorize/" %} | ||
| {% include "../../../../../../includes/guides/authentication/app-native-authentication/configure-advanced-app-native-settings.md" %} |
1 change: 1 addition & 0 deletions
1
...tity-server/7.0.0/docs/guides/authentication/app-native-authentication/index.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {% include "../../../../../../includes/guides/authentication/app-native-authentication/index.md" %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
...tication/add-app-native-authentication.md → ...tication/add-app-native-authentication.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,3 @@ | ||
| {% set api_base_path = "https://localhost:9443/oauth2/authorize/" %} | ||
| {% set api_example_base_path = "https://localhost:9443/oauth2/authorize/" %} | ||
| {% include "../../../../../includes/guides/authentication/add-app-native-authentication.md" %} | ||
| {% include "../../../../../../includes/guides/authentication/app-native-authentication/add-app-native-authentication.md" %} |
3 changes: 3 additions & 0 deletions
3
...hentication/app-native-authentication/configure-advanced-app-native-settings.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| {% set api_base_path = "https://localhost:9443/oauth2/authorize/" %} | ||
| {% set api_example_base_path = "https://localhost:9443/oauth2/authorize/" %} | ||
| {% include "../../../../../../includes/guides/authentication/app-native-authentication/configure-advanced-app-native-settings.md" %} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
125 changes: 125 additions & 0 deletions
125
...uides/authentication/app-native-authentication/add-app-native-authentication.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,125 @@ | ||
| # Add app-native authentication | ||
|
|
||
| In traditional applications, login is usually fulfilled by a web browser. This means that the users who attempt to log in to these applications will have to be redirected to a web browser for authentication. This is not ideal if your goal is to provide the user with a seamless login experience or if you have a business need to keep users within the application's environment. | ||
|
|
||
| App-Native Authentication takes an API-based approach to let developers implement a secure login experience directly within the application along with features such as Multi-Factor Authentication (MFA), adaptive authentication, and support for federated logins. With app-native authentication users will have a seamless login experience from right within the application without the need to be redirected elsewhere for login. | ||
|
|
||
|
|
||
| !!! warning "Limitations of App-Native Authentication" | ||
|
|
||
| - At the time of login, app-native authentication, | ||
|
|
||
| - does not prompt the user to provide missing mandatory attributes. | ||
| - does not prompt the user for consent to share attributes with the application. | ||
| - does not support prompts in adaptive authentication flows. | ||
| - does not facilitate enrolling authenticators (e.g. TOTP authenticator). | ||
|
|
||
| - App-native authentication does not support all authentication methods. If you have an unsupported option configured, the login flow will not be initiated. | ||
|
|
||
|
|
||
| ## How it works | ||
|
|
||
| The following diagram illustrates the high-level steps involved with app-native authentication. | ||
|
|
||
| {: width="650" style="display: block; margin: 0; border: 0px;"} | ||
|
|
||
|
|
||
| 1. User initiates a login request at the application's login page. | ||
| 2. The application initiates an app-native authentication request with the server. The initial request made by the application is similar to an [OAuth 2.0 authorization code request]({{base_path}}/guides/authentication/oidc/implement-auth-code/) but with the `response_mode` set to `direct` as shown below. | ||
|
|
||
| === "Sample request" | ||
|
|
||
| ```java | ||
| curl --location '{{api_base_path}}' | ||
| --header 'Accept: application/json' | ||
| --header 'Content-Type: application/x-www-form-urlencoded' | ||
| --data-urlencode 'client_id=<client_id>' | ||
| --data-urlencode 'response_type=<response_type>' | ||
| --data-urlencode 'redirect_uri=<redircet_url>' | ||
| --data-urlencode 'state=<state>' | ||
| --data-urlencode 'scope=<space separated scopes>' | ||
| --data-urlencode 'response_mode=direct' | ||
| ``` | ||
|
|
||
| === "Example" | ||
| ```java | ||
| curl --location '{{api_example_base_path}}' | ||
| --header 'Accept: application/json' | ||
| --header 'Content-Type: application/x-www-form-urlencoded' | ||
| --data-urlencode 'client_id=VTs12Ie26wb8HebnWercWZiAhMMa' | ||
| --data-urlencode 'response_type=code' | ||
| --data-urlencode 'redirect_uri=https://example-app.com/redirect' | ||
| --data-urlencode 'state=logpg' | ||
| --data-urlencode 'scope=openid internal_login' | ||
| --data-urlencode 'response_mode=direct' | ||
| ``` | ||
|
|
||
| 3. The server responds with instructions for the next step of the authentication. | ||
| 4. The application displays the available authentication options to the user and prompts the user to enter the credentials. | ||
| 5. User interacts with the application and enters the credentials for a selected authentication option. | ||
| 6. The application gathers the credentials and sends an authentication request back to the server using the **Authentication API**. | ||
|
|
||
| !!! info | ||
| Steps 3-6 repeat for all authentication steps configured for the application. | ||
|
|
||
| !!! tip "What is the Authentication API?" | ||
| - The Authentication API is an interactive, stateful API that facilitates a multi-step authentication flow. See its [OpenAPI definition]({{base_path}}/apis/app-native-authentication-api/) for more details. | ||
| - While app-native authentication is initiated at the `/authorize` endpoint, the authentication API fulfills the actual authentication for each step by interacting with the `/authn` endpoint. | ||
|
|
||
| 7. After the authentication is complete, the application receives an OAuth2 authorization code in the response. | ||
|
|
||
| !!! note "Learn more" | ||
| While this section provides a brief overview, it is highly recommended to read through [app-native authentication]({{base_path}}/references/app-native-authentication) to understand the concept in detail. | ||
|
|
||
|
|
||
| ## Try it out | ||
| Follow the steps below to try out App-Native Authentication with {{product_name}}. | ||
|
|
||
| !!! warning "Attention" | ||
| App-native authentication should be limited exclusively to an organization's internal applications. AVOID using it with third-party applications to mitigate the risk of credential exposure. | ||
|
|
||
| ### Prerequisites | ||
|
|
||
| - To get started, you need to [register an application with {{ product_name }}]({{base_path}}/guides/applications/). | ||
|
|
||
| - You need to have a user account in {{ product_name }}. If you don't already have one, [create a user account]({{base_path}}/guides/users/manage-users/#onboard-a-user) in {{ product_name }}. | ||
|
|
||
| ### Enable App-Native Authentication | ||
|
|
||
| Follow the steps below to enable app-native authentication for your application. | ||
|
|
||
| 1. On {{product_name}} Console, go to **Applications**. | ||
|
|
||
| 2. Go to the **Protocol** tab and select **Code** from **Allowed grant types**. | ||
|
|
||
| 3. Click **Update** to save the changes. | ||
|
|
||
| 4. Go to the **Advanced** tab of your application and select **Enable app-native authentication API**. | ||
|
|
||
| {: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"} | ||
|
|
||
| 5. Click **Update** to save the changes. | ||
|
|
||
| 6. Go to the **Login flow** tab and configure a login flow with the supported authentication options. | ||
|
|
||
| ??? tip "Finding supported authentication options in the login flow" | ||
| Supported authentication options are tagged with `#APIAuth`. | ||
|
|
||
| {: width="400" style="display: block; margin: 0;"} | ||
|
|
||
| 7. Click **Update** to save the changes. | ||
|
|
||
| 8. Try out App-Native Authentication using Postman. | ||
|
|
||
| {% if product_name=="Asgardeo"%} | ||
| [](https://app.getpostman.com/run-collection/8657284-83f51f64-fe45-4ca4-88b0-f670562d6b44){: target="#"} | ||
| {% else %} | ||
| [](https://app.getpostman.com/run-collection/8657284-8d164672-61aa-4326-bc5e-30314c49f6d0){: target="#"} | ||
| {% endif %} | ||
|
|
||
| !!! note | ||
| Learn more about the API calls in [App-native authentication]({{base_path}}/references/app-native-authentication/). | ||
|
|
||
| ## What's next? | ||
|
|
||
| Go through [Add advanced app-native configurations]({{base_path}}/guides/authentication/app-native-authentication/configure-advanced-app-native-settings/) to learn about advanced features such as how to secure the authentication request and handle Single Sign-On (SSO) with app-native authentication. |
Oops, something went wrong.