Identity Service
The NativeWaves Cloud documentation is currently under construction. Please contact us if you have questions and need further assistance.
The identity service offered by NativeWaves is an implementation of an OpenID Connect provider that focuses on providing authentication services. Its primary purpose is to seamlessly integrate user identity management into our application and services, ensuring secure access for users. You can either create a NativeWaves user account or utilize existing accounts from external identity providers like Microsoft Azure AD/Office 365.
For more in-depth information regarding the REST API of this service, we encourage you to check the Swagger API documentation. This comprehensive page outlines the various endpoints, parameters, and responses of the API.
The Identity Service facilitates user authentication by issuing identity, access, and refresh tokens after a successful login. These tokens are JSON Web Tokens (JWTs), summarized in the following overview:
- Identity Tokens: Identity tokens contain information about the authenticated user's identity. They typically include details such as user ID, name, and other relevant attributes. Identity tokens are primarily used to verify the identity of the user during authentication processes and are usually short-lived. In the context of a NativeWaves API, identity tokens are not directly used for interacting with the API. Instead, they are primarily used by the user application to retrieve information about the authenticated user.
- Access Tokens: Access tokens are issued to authenticated users after a successful login. Access tokens are usually included in the authorization header of NativeWaves API requests and are validated by the server to ensure that the user has the necessary permissions. They have a limited lifespan to enhance security and are associated with a specific set of scopes that define the level of access granted.
- Refresh Tokens: Refresh tokens are long-lived tokens that are provided alongside an access token during authentication. While access tokens have a limited lifespan, refresh tokens are designed to be used to obtain new access tokens once the original token expires. They serve as a secure mechanism to request fresh access tokens without requiring the user to reauthenticate. Refresh tokens are typically kept in secure storage, such as an HTTP-only cookie, and are used to request new access tokens when needed.
With the Identity Service, you or a NativeWaves application can retrieve detailed user information. This information may include the user's name, email address, and other relevant attributes like profile picture, depending on the scope and permissions granted.
When authenticating a user within a NativeWaves application like the NativeWaves Console, the normal login flow is followed. This involves the user logging in using their NativeWaves user account credentials (email and password) or an external identity provider.
After successful authentication, the application uses the different JWTs (identity, access, and refresh tokens) retrieved after login to ensure that the user remains logged in and authenticated.
(Upcoming) This feature is not implemented yet and will be part of a future release.
API keys offer a simpler alternative to managing JWT tokens, allowing programmatic access to NativeWaves services. In the NativeWaves console, users will be able to create and manage API keys, which can be used in API requests instead of JWT tokens.
(Upcoming) This feature is not implemented yet and will be part of a future release.
In addition to API keys, NativeWaves offers the capability to integrate a custom OpenID Connect provider with an existing NativeWaves user account. This feature allows you to authenticate a NativeWaves user by using a JWT bearer token from your own OpenID Connect provider.
To enable this authentication method, you can specify certain attributes (such as issuer, audience, subject ID, etc.) in the NativeWaves console that must match between the JWT bearer token and the NativeWaves user account. By configuring these attributes, you can establish a trusted connection between your custom OpenID Connect provider and NativeWaves, allowing seamless authentication for NativeWaves users.
This method eliminates the need to store API keys and allows you to reuse your existing OpenID Connect security system when interacting with NativeWaves services and APIs.
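The attribute match described above can be sketched as follows. This is an added example, not NativeWaves code: the `BINDING` field names, the sample values, and the function names are hypothetical. It assumes HS256 with a constructed key so that it runs on the standard library alone; an OpenID Connect provider would normally sign with an asymmetric key published through its JWKS endpoint.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values; the field names are hypothetical, not NativeWaves settings.
KEY = b"constructed-demo-key"  # HS256 stand-in for the provider's asymmetric JWKS key
BINDING = {"issuer": "https://idp.example.com",
           "audience": "https://api.example.com",
           "subject": "svc-1234"}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key, alg="HS256"):
    """Build a sample token for the demonstration."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_and_match(token, key, binding, now=None):
    """Return (accepted, reason). Signature and expiry are checked before the binding."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
        signature = b64url_decode(sig)
    except ValueError:
        return False, "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header's choice
        return False, "unexpected alg"
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return False, "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired or missing exp"
    if claims.get("iss") != binding["issuer"]:  # exact string match, no prefix matching
        return False, "issuer mismatch"
    aud = claims.get("aud")  # "aud" may be a single string or a list of strings
    if binding["audience"] not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"
    if claims.get("sub") != binding["subject"]:
        return False, "subject mismatch"
    return True, "ok"
```

The order of the checks matters: no claim is compared against the binding until the signature has been verified, so an unsigned or re-signed token can never reach the issuer, audience, or subject comparison.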