Licensed to be used in conjunction with basebox, only.
Auth Management API
basebox uses an external OpenID Connect service to provide authorization and authentication services. For some tasks, applications based on basebox need access to the authentication provider's management API; this is what basebox' Auth Management API is for.
For example, when you create a new user for your application, a user record is created in the database managed by basebox and the user database managed by your auth provider service.
When a user wants to deregister from your application, you have to delete their data from both the application database (which is managed by basebox) and the user database managed by your auth provider service (GDPR compliance). This is where basebox' Auth Management API comes into play.
basebox' Auth Management API is currently very limited, but we will add more functionality in the future.
Calls to the basebox Auth Management API are done via GraphQL.
Currently, only Auth0 is supported by basebox' Auth Management API. We will add support for other providers in the future (e.g. Keycloak).
basebox' Auth Management API is configured in the [auth_management] section of the broker configuration file; the configuration is provider-specific. Follow the provider-specific links below for details.
See API for details.
Currently basebox supports Operation Level Security: before a user can call any GraphQL operation, the user needs permission to access that operation. These permissions must be present in the access token in an array structure called Permissions. Each operation must appear as a string of the format allow::bb::operation::<operationName> in the Permissions array. This can be added quite easily to an IdP like Auth0. Auth0 has a built-in Permissions structure where the operations, in the correct format, can be added. The Permissions tab can be found in Auth0 under the API that you have set up for the service.
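
The permission check described above, as an added example (not basebox's own code): it reads the permissions array from a decoded access token, keeps only entries in the allow::bb::operation::<operationName> format, and denies everything else. Assumptions: the claim is named permissions as Auth0 emits it (pass claim="Permissions" if your tokens differ), matching is exact and case-sensitive, the operation names createUser, deleteUser and listUsers are hypothetical, and the sample token is constructed and unsigned, so signature verification is not shown.

```python
import base64
import json
import re

PREFIX = "allow::bb::operation::"  # permission format stated on this page
# Assumption: operation names follow GraphQL name syntax.
NAME_RE = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")

def decode_payload(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def allowed_operations(claims: dict, claim: str = "permissions"):
    """Return (operations, rejected_entries) from the permissions array."""
    entries = claims.get(claim)
    if not isinstance(entries, list):
        return set(), []  # missing claim or wrong type: nothing is allowed
    ops, rejected = set(), []
    for entry in entries:
        is_op = isinstance(entry, str) and entry.startswith(PREFIX)
        name = entry[len(PREFIX):] if is_op else ""
        if NAME_RE.fullmatch(name):
            ops.add(name)
        else:
            rejected.append(entry)  # typo, wrong separator, empty name, non-string
    return ops, rejected

def is_allowed(claims: dict, operation: str, claim: str = "permissions") -> bool:
    """Deny by default; exact, case-sensitive match on the operation name."""
    return operation in allowed_operations(claims, claim)[0]

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample claims; operation names are hypothetical.
SAMPLE = make_sample_token({"sub": "auth0|constructed", "permissions": [
    "allow::bb::operation::createUser",
    "allow::bb::operation::deleteUser",
    "allow:bb:operation:listUsers",  # single colons: not the required format
    "allow::bb::operation::",        # empty operation name
]})
```

Running allowed_operations over a token issued for a test user surfaces mistyped permission strings in the IdP as rejected entries instead of as unexplained denied calls.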