Overview

OneContactLogin is the authentication and authorization component of Collab's system, based on OpenID Connect architecture.

OneContactLogin has 2 components:

  • OneContactIdentity - A token provider that authenticates each user, identifying the user, their email and the applications they are allowed to use. It secures the whole system by identifying who reaches OneContactLogin and who gets through.
  • OneContactAuthority - Receives tokens from OneContactIdentity and replies with the user's roles and permissions.

Terminology

OneContactLogin - OneContactLogin is an OpenID Connect provider - it implements the OpenID Connect and OAuth 2.0 protocols and issues security tokens to clients.

OneContactLogin has a number of jobs and features - including:

  • Protect your resources.
  • Authenticate users using a local account store or via an external identity provider.
  • Provide session management and single sign-on.
  • Manage and authenticate clients.
  • Issue identity and access tokens to clients.
  • Validate tokens.

User - A user is a human that is using a registered client to access resources.

Client - A client is a piece of software that requests tokens from OneContactLogin - either for authenticating a user (requesting an identity token) or for accessing a resource (requesting an access token). A client must first be registered with OneContactLogin before it can request tokens.

Resources - Resources are something you want to protect with OneContactLogin - either identity data of your users, or APIs. Every resource has a unique name, and clients use this name to specify which resources they want access to.

Identity data - Identity information (aka claims) about a user, e.g. name or email address.

APIs - API resources represent functionality a client wants to invoke - typically modeled as Web APIs, but not necessarily.