Example Usage Flow / Reasons

  • Two-Step Authentication Process

    • Description: You have an app that uses a remote AIRisk instance and that only admins / trusted persons use.

    • Use Case / Needs:

      • See Available Users

      • Select One & Authenticate as them

        • i.e. Impersonation

      • Access endpoints and/or switch user (authenticating) as needed

    • Methodology

      • First, use the CLIENT_ID & CLIENT_SECRET from the local environment

      • Invoke the authentication process for a generic token and store it to be used as the bearer token (for now)

      • Have a local endpoint that calls the remote endpoint /api/ListUsers, collects the returned JSON data, and then redirects to a "Select User" page listing the available user names & ids

        • If, for example, a USER_ID is present in the environment, you could have the form default to it

        • Common practice for this in Flask would be to redirect to a select_user endpoint which, when called via a GET request, renders the form page (with the form action pointing to the same URL), and, when called via a POST request, collects the submitted form data from that page and then redirects as needed.

      • When a user is selected, set that as the active user id in the session and invoke the authentication process again, this time also passing userid={SELECTED_USER_ID} in the parameter form each respective Authentication endpoint expects. Then save the returned access_token as the active bearer token to use in the headers of future GET requests.

  • Single-User App

    • Description: You have an app with a custom interface that interacts with a remote AIRisk project instance. You will be the only person running this program, and will do so only on your own secure device.

    • Use Case / Needs

      • Load the APIUser-related CLIENT_ID and CLIENT_SECRET from a .env file

      • Also load the ApplicationUser-related id, which belongs to your user account, from a .env file

      • Assume both of the above exist and are valid.

    • Methodology

      • Load from .env

      • Store the USER_ID environment variable as userid in the session / local memory for usage across views/pages.

      • Invoke the authentication process but include userid as a parameter for both respective endpoints (encoded in the URL for the GET request to /api/oauth2, and passed as a parameter in the POST request to /api/oauth2/Token)

      • Use the access token as the bearer token across the app.
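
Both flows above (generic token, user listing, then re-authentication with a userid, whether chosen from the select_user form or loaded from .env) as an added Python example that is not code from the AIRisk project: the client-credential field names, the shape of the ListUsers response and the base URL are assumptions, and the transport is injectable so the flow can be exercised offline.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen


class AIRiskSession:
    """Active bearer token plus selected user for the flows described above."""
    def __init__(self, base_url, client_id, client_secret, transport=None):
        self.base_url = base_url.rstrip("/")
        self.client_id, self.client_secret = client_id, client_secret
        # transport(method, url, form_or_None, headers) -> parsed JSON body;
        # injectable so the flow can be exercised offline with a fake.
        self._send = transport or self._http_json
        self.token = None          # active bearer token
        self.user_id = None        # impersonated user id, None = generic token
        self._known_users = set()  # ids returned by /api/ListUsers

    @staticmethod
    def _http_json(method, url, form, headers):
        data = urlencode(form).encode() if form is not None else None
        req = Request(url, data=data, headers=headers, method=method)
        with urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def authenticate(self, user_id=None):
        """GET /api/oauth2 with userid in the URL, then POST /api/oauth2/Token with
        userid as a form field. client_id / client_secret field names are assumed."""
        query = {"client_id": self.client_id}
        form = {"client_id": self.client_id, "client_secret": self.client_secret}
        if user_id is not None:
            query["userid"] = form["userid"] = user_id
        self._send("GET", f"{self.base_url}/api/oauth2?{urlencode(query)}", None, {})
        body = self._send("POST", f"{self.base_url}/api/oauth2/Token", form, {})
        self.token, self.user_id = body["access_token"], user_id
        return self.token

    def list_users(self):
        """Generic-token call; assumes a JSON list of {"id": ..., "name": ...}.
        The ids are remembered so a later selection can be checked against them."""
        headers = {"Authorization": f"Bearer {self.token}"}
        users = self._send("GET", f"{self.base_url}/api/ListUsers", None, headers)
        self._known_users = {u["id"] for u in users}
        return users

    def select_user(self, user_id):
        """Accept only ids the server actually listed, so a tampered form value
        is rejected here rather than forwarded to the token endpoint."""
        if user_id not in self._known_users:
            raise ValueError(f"user id {user_id!r} not in the ListUsers response")
        return self.authenticate(user_id)
```

For the single-user app, skip list_users and call authenticate(os.environ["USER_ID"]) directly after loading the .env values.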
