Domain Authentication Method

After the Domain creation has successfully been completed you should be able to login and access the GraphQL API for your Domain using GraphiQL or the DRIVR-UI.

You can access your GraphiQL instance at the following URL replacing {slug} with your custom one you used during the Domain setup: https://{slug}.api.drivr.cloud/graphiql. The integrated docs there will give you a comprehensive overview of all GraphQL mutations and queries you are able to perform against DRIVR.

The DomainAuthenticationMethods represents the global authentication settings for DRIVR, which can be configured to integrate with both internal and third-party authentication systems. It offers a flexible and customizable approach for authenticating against different providers.

In order to configure access to your DRIVR Domain for additional applications at least one of the following DomainAuthenticationMehthods has to be setup and have a status which is ACTIVATED.

The AuthenticationMethod default is used initially (for GraphiQL and DRIVR UI) but can also be deactivated or removed if another method is correctly configured. There can only be one ACTIVATED instance of each method at a time.

The available DomainAuthenticationMethods include:

  • DEFAULT: This method is used for authenticating against DRIVR's internal authentication system. It provides a built-in authentication mechanism that allows users to sign in directly using their DRIVR credentials.
  • GOOGLE: This method enables authentication using Google's OAuth service. By configuring this method, users can sign in to DRIVR using their Google accounts, leveraging the OAuth framework for secure and delegated access.
  • AZURE_AD: This method allows authentication against Azure's Active Directory (AD) service. By setting up this authentication method, users can sign in to DRIVR using their Azure AD credentials.
  • OPEN_ID_BEARER_DELEGATION: This method enables authentication using existing OpenID Bearer tokens issued by third-party OAuth servers. By integrating with these OAuth servers, DRIVR can validate and authenticate users using the tokens issued by trusted providers, expanding the authentication options available to users.

This example shows how to retrieve all active DomainAuthenticationMethods within a Domain.

query getDomainAuthenticationMethods {
  authenticationMethods(
    where: {
      status: {
        _eq: ACTIVATED
      }
    },
    offset: 0,
    limit: 1000
  ) {
    items {
      ... on DefaultAuthenticationMethod {
        uuid
        authenticationType
        status
      }
      ... on GoogleAuthenticationMethod {
        uuid
        authenticationType
        status
      }
      ... on AzureAuthenticationMethod {
        uuid
        authenticationType
        status
      }
      ... on OpenIdDelegatedAuthenticationMethod {
        uuid
        authenticationType
        status
      }
    }
    limit
    totalItems
  }
}
Response
{
  "data": {
    "authenticationMethods": {
      "items": [
        {
          "uuid": "493f1186-59b0-46de-b692-812dd08fe931",
          "authenticationType": "DEFAULT",
          "status": "ACTIVATED"
        }
      ],
      "limit": 1000,
      "totalItems": 1
    }
  }
}

Adding another DomainAuthenticationMethod could look something like the following example for Google authentication. The clientId and clientSecret in the following example has to be replaced by one created within the Google portal.

The same configuration can be done within the DRIVR-UI for your Domain. Please replace {slug} in the following link with the one of your DRIVR instance. https://{slug}.ui.drivr.cloud/#/en/domain/auth-methods.

mutation createGoogleAuthenticationMethod {
  createGoogleAuthenticationMethod(
    configuration: {
      clientId: "google-client-id",
      clientSecret: "google-client-secret",
      scopes: [
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/userinfo.profile"
      ]
    }
  ) {
    uuid
    authenticationType
    status
  }
}
Response
{
  "data": {
    "createGoogleAuthenticationMethod": {
        "uuid": "19f1b631-061f-4685-8619-374a56d43da2",
        "authenticationType": "GOOGLE",
        "status": "ACTIVATED"
    }
  }
}

You can now use a Google Account to login to DRIVR UI and GraphiQL without any further steps. Similar steps are necessary to enable access to the DRIVR API via the AZURE AD.

If you would like to integrate your own application into DRIVR and gain access to the GraphQL and REST APIs the steps in the next section will guide you.