Domain Authentication Method
After the Domain
creation has successfully been completed you should be able to login and access the GraphQL API for your Domain
using GraphiQL or the DRIVR-UI.
You can access your GraphiQL instance at the following URL replacing {slug}
with your custom one you used during the Domain
setup: https://{slug}.api.drivr.cloud/graphiql. The integrated docs there will give you a comprehensive overview of all GraphQL mutations and queries you are able to perform against DRIVR.
The DomainAuthenticationMethods
represents the global authentication settings for DRIVR, which can be configured to integrate with both internal and third-party authentication systems. It offers a flexible and customizable approach for authenticating against different providers.
In order to configure access to your DRIVR Domain
for additional applications at least one of the following DomainAuthenticationMehthods
has to be setup and have a status
which is ACTIVATED
.
The AuthenticationMethod
default
is used initially (for GraphiQL and DRIVR UI) but can also be deactivated or removed if another method is correctly configured. There can only be one ACTIVATED
instance of each method at a time.
The available DomainAuthenticationMethods
include:
DEFAULT
: This method is used for authenticating against DRIVR's internal authentication system. It provides a built-in authentication mechanism that allows users to sign in directly using their DRIVR credentials.GOOGLE
: This method enables authentication using Google's OAuth service. By configuring this method, users can sign in to DRIVR using their Google accounts, leveraging the OAuth framework for secure and delegated access.AZURE_AD
: This method allows authentication against Azure's Active Directory (AD) service. By setting up this authentication method, users can sign in to DRIVR using their Azure AD credentials.OPEN_ID_BEARER_DELEGATION
: This method enables authentication using existing OpenID Bearer tokens issued by third-party OAuth servers. By integrating with these OAuth servers, DRIVR can validate and authenticate users using the tokens issued by trusted providers, expanding the authentication options available to users.
This example shows how to retrieve all active DomainAuthenticationMethods
within a Domain
.
query getDomainAuthenticationMethods {
authenticationMethods(
where: {
status: {
_eq: ACTIVATED
}
},
offset: 0,
limit: 1000
) {
items {
... on DefaultAuthenticationMethod {
uuid
authenticationType
status
}
... on GoogleAuthenticationMethod {
uuid
authenticationType
status
}
... on AzureAuthenticationMethod {
uuid
authenticationType
status
}
... on OpenIdDelegatedAuthenticationMethod {
uuid
authenticationType
status
}
}
limit
totalItems
}
}
Response
{
"data": {
"authenticationMethods": {
"items": [
{
"uuid": "493f1186-59b0-46de-b692-812dd08fe931",
"authenticationType": "DEFAULT",
"status": "ACTIVATED"
}
],
"limit": 1000,
"totalItems": 1
}
}
}
Adding another DomainAuthenticationMethod
could look something like the following example for Google authentication.
The clientId
and clientSecret
in the following example has to be replaced by one created within the Google portal.
The same configuration can be done within the DRIVR-UI for your Domain
. Please replace {slug}
in the following link with the one of your DRIVR instance. https://{slug}.ui.drivr.cloud/#/en/domain/auth-methods.
mutation createGoogleAuthenticationMethod {
createGoogleAuthenticationMethod(
configuration: {
clientId: "google-client-id",
clientSecret: "google-client-secret",
scopes: [
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile"
]
}
) {
uuid
authenticationType
status
}
}
Response
{
"data": {
"createGoogleAuthenticationMethod": {
"uuid": "19f1b631-061f-4685-8619-374a56d43da2",
"authenticationType": "GOOGLE",
"status": "ACTIVATED"
}
}
}
You can now use a Google Account to login to DRIVR UI and GraphiQL without any further steps. Similar steps are necessary to enable access to the DRIVR API via the AZURE AD.
If you would like to integrate your own application into DRIVR and gain access to the GraphQL and REST APIs the steps in the next section will guide you.