Application Consumer
An ApplicationConsumer represents an application that uses DRIVR to authenticate users against the API and manages different OAuth flows. This is controlled by setting one or more grantTypes for a specific ApplicationConsumer.
The DRIVR Login UI abstracts away the end-user authorization dialogs and token requests (see the next guide for more details). For this to work, your app needs to be linked to an OAuth consumer/client, which is an ApplicationConsumer.
The identifier serves as the client_id in authentication requests.
The different grantTypes available are:
AUTHORIZATION_CODE: For confidential and public clients using a server-based flow such as the authorization code grant type, this is used to exchange an authorization code for an access token. At least one redirectUri is required for this grant type as the redirect URL will contain sensitive information. It is critical that the service doesn't redirect the user to arbitrary locations.
PASSWORD: Resource Owner Password Credentials Grant allows exchanging a username and password for an access token.
REFRESH_TOKEN: Enables the issuance of a refresh token. Refresh tokens are long-lasting credentials used to request additional access tokens. The refresh token is bound to the client to which it was issued. This can be combined with other grantTypes.
The following example shows how to set up a new ApplicationConsumer which allows authentication against the DRIVR API during local development.
The same configuration can be done within the DRIVR-UI for your Domain. Replace {slug} in the following link with the slug of your DRIVR instance: https://{slug}.ui.drivr.cloud/#/en/domain/application-consumers?limit=25
mutation createApplicationConsumer {
  createApplicationConsumer(
    name: "my-new-app",
    slug: "my-app",
    defaultRedirectUri: "http://localhost:8080/auth/callback",
    redirectUris: [
      "http://localhost:8080/auth/callback",
      "http://localhost:8080/auth/another-callback"
    ],
    # Example value; use your own randomly generated secret.
    secret: "nuq1u6k4nWSNgrPEDbHXTqWN4APERZ8X1LPcY9Hov7gHnPcfD1hcNhmMOzoYkAVs",
    grantTypes: [
      REFRESH_TOKEN,
      AUTHORIZATION_CODE
    ],
    scopes: [
      "profile",
      "email"
    ]
  ) {
    uuid
    identifier
    defaultRedirectUri
    redirectUris
    status
    grantTypes
    name
    slug
    scopes
  }
}
Response
{
  "data": {
    "createApplicationConsumer": {
      "uuid": "3bd72e78-1f23-2781-8b65-b84e4a2a4765",
      "identifier": "my-app.localhost",
      "defaultRedirectUri": "http://localhost:8080/auth/callback",
      "redirectUris": [
        "http://localhost:8080/auth/callback",
        "http://localhost:8080/auth/another-callback"
      ],
      "status": "ACTIVATED",
      "grantTypes": [
        "AUTHORIZATION_CODE",
        "REFRESH_TOKEN"
      ],
      "name": "my-new-app",
      "slug": "my-app",
      "scopes": [
        "profile",
        "email"
      ]
    }
  }
}
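The redirect URI requirement for AUTHORIZATION_CODE can be checked before the mutation is sent. The following is an added example, not DRIVR code: a pre-flight lint of the createApplicationConsumer arguments held as a Python dict. The function names are hypothetical, and the per-URI rules (no wildcard, no fragment, plain http only on loopback, default contained in the list) are general OAuth practice assumed here, not rules this page states for DRIVR.

```python
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def lint_redirect_uri(uri):
    """Problems with one registered http(s) redirect URI (empty list = fine)."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ["not an absolute http(s) URI"]
    problems = []
    if "*" in uri:
        problems.append("wildcard leaves the redirect target open-ended")
    if parts.fragment:
        problems.append("fragment is not allowed (RFC 6749, section 3.1.2)")
    if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
        problems.append("plain http outside loopback exposes the code in transit")
    return problems


def lint_consumer(cfg):
    """Check createApplicationConsumer arguments (as a dict) before sending them."""
    uris, findings = cfg.get("redirectUris", []), []
    if "AUTHORIZATION_CODE" in cfg.get("grantTypes", []) and not uris:
        findings.append("AUTHORIZATION_CODE needs at least one redirectUri")
    # Assumption: the default should be one of the registered URIs, as on the page.
    if (default := cfg.get("defaultRedirectUri")) and default not in uris:
        findings.append("defaultRedirectUri is not in redirectUris")
    for uri in uris:
        findings += [f"{uri}: {p}" for p in lint_redirect_uri(uri)]
    return findings


# Values from the page's mutation (secret left out; these checks do not need it).
PAGE_CONFIG = {
    "defaultRedirectUri": "http://localhost:8080/auth/callback",
    "redirectUris": ["http://localhost:8080/auth/callback",
                     "http://localhost:8080/auth/another-callback"],
    "grantTypes": ["REFRESH_TOKEN", "AUTHORIZATION_CODE"],
}
# Constructed counter-example: a deployed app registered carelessly.
BAD_CONFIG = {
    "defaultRedirectUri": "https://app.example.com/auth/callback",
    "redirectUris": ["http://app.example.com/auth/callback",
                     "https://*.example.com/cb#done"],
    "grantTypes": ["AUTHORIZATION_CODE"],
}

if __name__ == "__main__":
    print(lint_consumer(PAGE_CONFIG), lint_consumer(BAD_CONFIG), sep="\n")
```

The page's local-development configuration passes with no findings; the constructed one yields four, one for the default URI and three for the registered URIs.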