Example Usage Flow / Reasons

Two-Step Authentication Process
- Description: You have an app using the remote AIRisk instance in which only admins / trusted persons use.
- Use Case / Needs:
  - See Available Users
  - Select One & Authenticate as them
    i.e. Impersonation
  - Access endpoints and/or switch user (authenticating) as needed
- Methodology
  - First, use CLIENT_ID & CLIENT_SECRET from the local environment
  - Invoke the authentication process for a generic token and store that to be used as the bearer token (for now)
  - Have a local endpoint that calls the remote endpoint /api/ListUsers, collects the returned JSONdata, and then redirects to a "Select User" page, listing the available users names & ids
    If having a USER_ID in the environment for example, you could have the form default to it
    Common practice for this in flask would be to redirect to an endpoint for select_user which, when called via a GET request renders the form page (with the form action pointing to the same URL), or when called via a POST request collecting the submitted form data from the same page and then redirecting as needed.
  - When a user is selected, set that as the active user id in the session and invoke the authentication process again but this time also passing userid={SELECTED_USER_ID} as respective parameter types for the respective Authentication endpoints. Then save the returned access_token as the active bearer token to use in the headers of future GET requests.
Single-User App
- Description: You have an App with a custom interface and which interacts with a remote AIRisk project instance. You will be the only person running this program, and only will do so on your own secure device.
- Use Case / Needs
  - Load APIUser related CLIENT_ID and CLIENT_SECRET from a .env file
  - Load ApplicationUser related id also from a .env file in which belongs to your user account
  - Assuming both of the above exist and are valid.
- Methodology
  - Load from .env
  - Store the USER_ID environment variable as userid in the session / local memory for usage across views/pages.
  - Invoke the authentication process but include userid as a parameter for both respective endpoints (encoding it in the URL for the GET request to /api/oauth2. Passing as a parameter in the POST request to /api/oauth2/Token)
  - Use the access token as the bearer token across the app.

PreviousGeneric vs. User-Specific Tokens NextUsage of the Access Token

Last updated 1 month ago

Example Usage Flow / Reasons

Two-Step Authentication Process
- Description: You have an app using the remote AIRisk instance in which only admins / trusted persons use.
- Use Case / Needs:
  - See Available Users
  - Select One & Authenticate as them
    i.e. Impersonation
  - Access endpoints and/or switch user (authenticating) as needed
- Methodology
  - First, use CLIENT_ID & CLIENT_SECRET from the local environment
  - Invoke the authentication process for a generic token and store that to be used as the bearer token (for now)
  - Have a local endpoint that calls the remote endpoint /api/ListUsers, collects the returned JSONdata, and then redirects to a "Select User" page, listing the available users names & ids
    If having a USER_ID in the environment for example, you could have the form default to it
    Common practice for this in flask would be to redirect to an endpoint for select_user which, when called via a GET request renders the form page (with the form action pointing to the same URL), or when called via a POST request collecting the submitted form data from the same page and then redirecting as needed.
  - When a user is selected, set that as the active user id in the session and invoke the authentication process again but this time also passing userid={SELECTED_USER_ID} as respective parameter types for the respective Authentication endpoints. Then save the returned access_token as the active bearer token to use in the headers of future GET requests.
Single-User App
- Description: You have an App with a custom interface and which interacts with a remote AIRisk project instance. You will be the only person running this program, and only will do so on your own secure device.
- Use Case / Needs
  - Load APIUser related CLIENT_ID and CLIENT_SECRET from a .env file
  - Load ApplicationUser related id also from a .env file in which belongs to your user account
  - Assuming both of the above exist and are valid.
- Methodology
  - Load from .env
  - Store the USER_ID environment variable as userid in the session / local memory for usage across views/pages.
  - Invoke the authentication process but include userid as a parameter for both respective endpoints (encoding it in the URL for the GET request to /api/oauth2. Passing as a parameter in the POST request to /api/oauth2/Token)
  - Use the access token as the bearer token across the app.

PreviousGeneric vs. User-Specific Tokens NextUsage of the Access Token

Last updated 1 month ago