Application Consumer

An ApplicationConsumer represents an application that uses DRIVR to authenticate users against the API, and it manages the different OAuth flows. Which flows are available is controlled by setting one or more grantTypes on the ApplicationConsumer. The DRIVR Login UI abstracts away the end-user authorization dialogs and token requests (see the next guide for more details). For this to work, your app needs to be linked to an OAuth consumer/client, which is an ApplicationConsumer. Its identifier serves as the client_id in authentication requests.

The different grantTypes available are:

  • AUTHORIZATION_CODE: For confidential and public clients using a server-based flow. The authorization code grant type is used to exchange an authorization code for an access token. At least one redirectUri is required for this grant type because the redirect URL will contain sensitive information, so it is critical that the service doesn’t redirect the user to arbitrary locations.
  • PASSWORD: Resource Owner Password Credentials Grant allows exchanging a username and password for an access token.
  • REFRESH_TOKEN: Enables the issuance of a refresh token. Refresh tokens are long-lasting credentials used to request additional access tokens. A refresh token is bound to the client to which it was issued. This grant type can be combined with other grantTypes.

The following example shows how to set up a new ApplicationConsumer that allows authentication against the DRIVR API during local development.

The same configuration can be done within the DRIVR-UI for your Domain. Please replace {slug} in the following link with the slug of your DRIVR instance: https://{slug}.ui.drivr.cloud/#/en/domain/application-consumers?limit=25

mutation createApplicationConsumer {
  createApplicationConsumer(
    name: "my-new-app",
    slug: "my-app",
    defaultRedirectUri: "http://localhost:8080/auth/callback",
    redirectUris: [
        "http://localhost:8080/auth/callback",
        "http://localhost:8080/auth/another-callback"
    ],
    # Sample value only: generate your own high-entropy secret and keep it out of source control.
    secret: "nuq1u6k4nWSNgrPEDbHXTqWN4APERZ8X1LPcY9Hov7gHnPcfD1hcNhmMOzoYkAVs",
    grantTypes: [
        REFRESH_TOKEN,
        AUTHORIZATION_CODE
    ],
    scopes: [
        "profile",
        "email"
    ]
  ) {
    uuid
    identifier
    defaultRedirectUri
    redirectUris
    status
    grantTypes
    name
    slug
    scopes
  }
}
Response
{
  "data": {
    "createApplicationConsumer": {
        "uuid": "3bd72e78-1f23-2781-8b65-b84e4a2a4765",
        "identifier": "my-app.localhost",
        "defaultRedirectUri": "http://localhost:8080/auth/callback",
        "redirectUris": [
            "http://localhost:8080/auth/callback",
            "http://localhost:8080/auth/another-callback"
        ],
        "status": "ACTIVATED",
        "grantTypes": [
            "AUTHORIZATION_CODE",
            "REFRESH_TOKEN"
        ],
        "name": "my-new-app",
        "slug": "my-app",
        "scopes": [
            "profile",
            "email"
        ]
    }
  }
}
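
As an added illustration of why AUTHORIZATION_CODE requires registered redirectUris (this is not DRIVR's own code), the following Python example compares a requested redirect_uri against the values registered above using exact string matching, so look-alike URLs are rejected. The function names are hypothetical, and falling back to defaultRedirectUri when no redirect_uri is sent is an assumption.

```python
from urllib.parse import urlsplit

# Values copied from the createApplicationConsumer response above.
REGISTERED = (
    "http://localhost:8080/auth/callback",
    "http://localhost:8080/auth/another-callback",
)
DEFAULT = "http://localhost:8080/auth/callback"


class RedirectUriError(ValueError):
    """The requested redirect_uri must not be used."""


def resolve_redirect_uri(requested, registered=REGISTERED, default=DEFAULT):
    """Hypothetical helper: return the URI to redirect to, or raise."""
    if requested is None:
        # Assumption: a request without redirect_uri uses defaultRedirectUri.
        return default
    try:
        parts = urlsplit(requested)
    except ValueError as exc:
        raise RedirectUriError("malformed redirect_uri") from exc
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise RedirectUriError("redirect_uri must be an absolute http(s) URL")
    if parts.fragment or parts.username or parts.password:
        raise RedirectUriError("fragment and userinfo are not allowed")
    # Exact string comparison: no prefix, wildcard or normalised matching.
    if requested not in registered:
        raise RedirectUriError("redirect_uri is not registered for this client")
    return requested


def is_allowed(requested):
    """True if resolve_redirect_uri accepts the value, False otherwise."""
    try:
        resolve_redirect_uri(requested)
        return True
    except RedirectUriError:
        return False


if __name__ == "__main__":
    # Constructed sample requests: one registered URI and three near misses.
    for uri in ("http://localhost:8080/auth/callback",
                "http://localhost:8080/auth/callback/extra",
                "http://localhost:8081/auth/callback",
                "http://localhost:8080/auth/callback#token"):
        print("allow " if is_allowed(uri) else "reject", uri)
```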