Artificial Intelligence Corporate Risk

Example Usage Flow / Reasons

  • Two-Step Authentication Process
    • Description: You have an app using the remote AIRisk instance that only admins / trusted persons use.
    • Use Case / Needs:
      • See Available Users
      • Select One & Authenticate as them
        • i.e. Impersonation
      • Access endpoints and/or switch user (authenticating again) as needed
    • Methodology
      • First, use CLIENT_ID & CLIENT_SECRET from the local environment.
      • Invoke the authentication process for a generic token and store it to be used as the bearer token (for now).
      • Have a local endpoint that calls the remote endpoint /api/ListUsers, collects the returned JSON data, and then redirects to a "Select User" page listing the available users' names & ids.
        • If, for example, a USER_ID is present in the environment, the form could default to it.
        • Common practice for this in Flask is to redirect to a select_user endpoint which, when called via a GET request, renders the form page (with the form action pointing to the same URL), and, when called via a POST request, collects the submitted form data from that same page and then redirects as needed.
      • When a user is selected, set that as the active user id in the session and invoke the authentication process again, this time also passing userid={SELECTED_USER_ID} in the parameter form each respective Authentication endpoint expects. Then save the returned access_token as the active bearer token to use in the headers of future GET requests.
  • Single-User App
    • Description: You have an App with a custom interface that interacts with a remote AIRisk project instance. You will be the only person running this program, and will do so only on your own secure device.
    • Use Case / Needs
      • Load the APIUser-related CLIENT_ID and CLIENT_SECRET from a .env file.
      • Load the ApplicationUser-related id, which belongs to your user account, also from a .env file.
      • Both of the above are assumed to exist and be valid.
    • Methodology
      • Load from .env.
      • Store the USER_ID environment variable as userid in the session / local memory for use across views/pages.
      • Invoke the authentication process but include userid as a parameter for both respective endpoints (encoding it in the URL for the GET request to /api/oauth2, and passing it as a parameter in the POST request to /api/oauth2/Token).
      • Use the access token as the bearer token across the app.
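Both flows above, as an added Python example that is not part of the original page or the AIRisk project: credentials are read from the environment rather than hard-coded, a generic token is obtained first, and selecting a user re-authenticates with userid so the bearer token always belongs to the active user. The paths /api/oauth2 and /api/oauth2/Token come from this page; the client_id/client_secret parameter names, the injected post transport and the fake_post stand-in are assumptions constructed so the example runs offline.

```python
import os
from urllib.parse import urlencode

# Endpoint paths are from the page; client_id/client_secret parameter names are assumptions.
AUTH_PATH, TOKEN_PATH = "/api/oauth2", "/api/oauth2/Token"

def load_credentials(env=os.environ):
    """Read CLIENT_ID/CLIENT_SECRET (required) and USER_ID (optional) from the environment,
    so secrets are never hard-coded and a missing credential fails fast."""
    missing = [k for k in ("CLIENT_ID", "CLIENT_SECRET") if not env.get(k)]
    if missing:
        raise RuntimeError(f"missing credential(s) in environment: {', '.join(missing)}")
    return {"client_id": env["CLIENT_ID"], "client_secret": env["CLIENT_SECRET"],
            "user_id": env.get("USER_ID")}

def build_auth_url(base_url, client_id, user_id=None):
    """GET /api/oauth2: for a user-specific token, userid is encoded in the query string."""
    params = {"client_id": client_id}
    if user_id:
        params["userid"] = user_id
    return f"{base_url.rstrip('/')}{AUTH_PATH}?{urlencode(params)}"

def build_token_form(client_id, client_secret, user_id=None):
    """POST /api/oauth2/Token: userid travels as a request parameter; omit it for a generic token."""
    form = {"client_id": client_id, "client_secret": client_secret}
    if user_id:
        form["userid"] = user_id
    return form

class AirRiskSession:
    """Tracks the active user id and bearer token; selecting another user re-authenticates."""

    def __init__(self, creds, post):
        self.creds, self.post = creds, post  # post(path, form) -> dict: injected transport
        self.user_id = self.access_token = None

    def authenticate(self, user_id=None):
        form = build_token_form(self.creds["client_id"], self.creds["client_secret"], user_id)
        resp = self.post(TOKEN_PATH, form)
        if "access_token" not in resp:
            self.user_id = self.access_token = None  # drop the previous user's token, never reuse it
            raise RuntimeError(f"token request failed: {resp.get('error', 'no access_token')}")
        self.user_id, self.access_token = user_id, resp["access_token"]
        return {"Authorization": f"Bearer {self.access_token}"}

def fake_post(path, form):
    """Constructed stand-in for the remote token endpoint so the example runs offline."""
    if path != TOKEN_PATH or form.get("client_secret") != "s3cret":  # constructed secret
        return {"error": "invalid_client"}
    return {"access_token": f"tok-{form.get('userid', 'generic')}", "token_type": "Bearer"}
```

Swap fake_post for a real HTTP POST to the AIRisk instance to use it against a live deployment.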
