Security Provider - OData

The OData security provider authenticates requests made to an OData data source. It includes support for the following authentication mechanisms:

  • Anonymous Authentication
  • HTTP Basic Authentication
  • OAuth 2.0 Authorization Code flow
  • OAuth 2.0 Client Credentials flow
  • OAuth 2.0 Resource Owner Password Credentials flow
  • OAuth 2.0 JSON Web Token Bearer flow
  • OAuth 2.0 SAML 2.0 Bearer Assertion flow

Important

For Vinyl 3.2 and beyond, an OData data source should now use either the HTTP or OAuth security provider.

Anonymous Authentication

Anonymous authentication is used by default when credentials are not supplied and no other authentication type is selected. Anonymous authentication does not require any configuration. However, it can be explicitly enabled by associating the data source with a security provider that has an AuthenticationType of Anonymous.

See HTTP Anonymous Authentication for the complete configuration.

HTTP Basic Authentication

As implemented by Vinyl, HTTP Basic Authentication is a form of service account, meaning all Vinyl users authenticate with the same set of credentials. The credentials (user name and password) are defined at the data source level.

HTTP Basic Authentication is enabled in one of two ways:

  1. Implicitly. Credentials are defined at the data source level and the data source is not associated with a security provider.
  2. Explicitly. Credentials are defined at the data source level and the data source is associated with a security provider that has an AuthenticationType of Basic.

See HTTP Basic Authentication for the complete configuration.

OAuth 2.0 Authorization Code Flow

The OAuth 2.0 Authorization Code flow provides user-level authentication. In this flow, authorization codes are exchanged for OAuth access tokens.

Unlike the Anonymous and HTTP Basic authentication schemes, the Authorization Code flow must be explicitly enabled. This is done by associating a data source with a security provider that has an AuthenticationType of AuthorizationCode.

Furthermore, the OAuth Authorization Code flow works in conjunction with an OAuth security provider. The OAuth security provider is responsible for authorizing the user and exchanging authorization codes for access tokens.

See OAuth 2.0 Authorization Code Flow (Delegated) for the complete configuration.

OAuth 2.0 SAML 2.0 Bearer Assertion Flow

The OAuth 2.0 SAML 2.0 Bearer Assertion Flow provides user-level authentication. In this flow, SAML assertions are exchanged for OAuth access tokens.

Unlike the Anonymous and HTTP Basic authentication schemes, the SAML 2.0 Bearer Assertion flow must be explicitly enabled. This is done by associating a data source with a security provider that has an AuthenticationType of Saml.

See OAuth 2.0 SAML 2.0 Bearer Assertion Flow for the complete configuration.

OAuth 2.0 Client Credentials Flow

The OAuth 2.0 Client Credentials flow provides client-level authentication, akin to a service account. In this flow, the OAuth client credentials are exchanged for an OAuth access token.

Unlike the Anonymous and HTTP Basic authentication schemes, the Client Credentials flow must be explicitly enabled. This is done by associating a data source with a security provider that has an AuthenticationType of ClientCredentials.

See OAuth 2.0 Client Credentials Flow for the complete configuration.

OAuth 2.0 Resource Owner Password Credentials Flow

As implemented by Vinyl, the OAuth 2.0 Resource Owner Password Credentials flow provides client-level authentication, akin to a service account. In this flow, the OAuth resource owner credentials are exchanged for an OAuth access token.

Unlike the Anonymous and HTTP Basic authentication schemes, the OAuth Resource Owner Password Credentials flow must be explicitly enabled. This is done by associating a data source with a security provider that has an AuthenticationType of ResourceOwnerPasswordCredentials.

See OAuth 2.0 Resource Owner Password Credentials Flow for the complete configuration.

OAuth 2.0 JSON Web Token Bearer Token Flow

The OAuth 2.0 JSON Web Token (JWT) Bearer Token flow provides user-level authentication. In this flow, JWTs are exchanged for OAuth access tokens.

Unlike the Anonymous and HTTP Basic authentication schemes, the JWT Bearer Token flow must be explicitly enabled. This is done by associating a data source with a security provider that has an AuthenticationType of Jwt.

See OAuth 2.0 JSON Web Token Bearer Token Flow for the complete configuration.
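
The following is an added example, not Vinyl code or part of the product documentation. It applies the selection rules described above to an inventory of data sources and reports which ones fall back to Anonymous or Basic implicitly, and which ones reach the OData service without per-user identity. The DataSource record, its field names and the sample inventory are assumptions made for illustration; only the AuthenticationType values come from this page.

```python
from dataclasses import dataclass
from typing import Optional

# Identity level per AuthenticationType, as described on this page.
IDENTITY_LEVEL = {
    "Anonymous": "none",
    "Basic": "shared",  # same credentials for all Vinyl users
    "ClientCredentials": "shared",  # client-level
    "ResourceOwnerPasswordCredentials": "shared",  # client-level as implemented
    "AuthorizationCode": "user",
    "Saml": "user",
    "Jwt": "user",
}

@dataclass
class DataSource:  # hypothetical inventory record, not a Vinyl export format
    name: str
    has_credentials: bool  # user name and password defined on the data source
    provider_auth_type: Optional[str] = None  # None: no security provider associated

def resolve(ds):
    """Return (effective_type, identity_level, implicit) for one data source."""
    if ds.provider_auth_type is None:
        # Implicit rules: Basic when credentials are defined, otherwise Anonymous.
        effective = "Basic" if ds.has_credentials else "Anonymous"
        return effective, IDENTITY_LEVEL[effective], True
    if ds.provider_auth_type not in IDENTITY_LEVEL:
        raise ValueError(f"{ds.name}: unknown AuthenticationType {ds.provider_auth_type!r}")
    return ds.provider_auth_type, IDENTITY_LEVEL[ds.provider_auth_type], False

def audit(sources):
    """Flag modes nobody chose explicitly and modes without per-user identity."""
    findings = []
    for ds in sources:
        effective, level, implicit = resolve(ds)
        if implicit:
            findings.append((ds.name, f"implicit {effective}"))
        if level != "user":
            findings.append((ds.name, f"{effective} has no per-user identity"))
    return findings

SAMPLE = [  # constructed sample inventory
    DataSource("crm", has_credentials=False),
    DataSource("erp", has_credentials=True),
    DataSource("hr", has_credentials=False, provider_auth_type="AuthorizationCode"),
    DataSource("billing", has_credentials=True, provider_auth_type="ClientCredentials"),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```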