Token Authentication Protocol
Token Authentication: Sequence diagram
- The user logs in to the integrating application and a session is created. A cookie in the user's browser is sent with each subsequent page request, allowing the application to recognize the user and grant access.
- The user at some point opens the Search! webpage (e.g. as a new tab, pop-up or iframe).
- The browser fires an Ajax request from the Search! page to the integrating application's token request service.
- The integrating application recognizes the user by the cookie that the browser sends along. It then sends a SOAP request to the Search! authentication web service requesting a token.
- Search! verifies the environment password and creates an access token for the environment and requested access roles.
- The integrating application returns the access token to the user's web browser.
- The browser uses the token to perform subsequent Ajax requests to the search web service.
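
The exchange above as an in-memory simulation, added here as an illustration and not taken from Search! or the integrating application. Class, method and role names are hypothetical, the SOAP call is modelled as a direct method call, and the environment password is a constructed value.

```python
import hmac
import secrets

# Hypothetical names throughout; the page does not show the real Search! SOAP operations.
ENV_PASSWORD = "constructed-env-password"  # constructed sample, held server-side only

class SearchService:
    """Stand-in for the Search! authentication and search web services."""
    def __init__(self, env_password):
        self._env_password = env_password
        self._tokens = {}  # access token -> roles granted to it

    def request_token(self, password, roles):
        # Verify the environment password in constant time before issuing a token.
        if not hmac.compare_digest(password.encode(), self._env_password.encode()):
            raise PermissionError("bad environment password")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = frozenset(roles)
        return token

    def search(self, token, role):
        # A request is accepted only with an issued token that carries the role.
        return role in self._tokens.get(token, frozenset())

class IntegratingApp:
    """Stand-in for the integrating application and its token request service."""
    def __init__(self, search):
        self._search = search
        self._sessions = {}  # session cookie -> (user, roles)

    def login(self, user, roles):
        cookie = secrets.token_urlsafe(32)
        self._sessions[cookie] = (user, roles)
        return cookie

    def token_request_service(self, cookie):
        session = self._sessions.get(cookie)
        if session is None:
            return None  # unknown cookie: Search! is never contacted
        # Server-to-server call: the browser receives the token, never the password.
        return self._search.request_token(ENV_PASSWORD, session[1])

def run_flow():
    search = SearchService(ENV_PASSWORD)
    app = IntegratingApp(search)
    cookie = app.login("alice", ["search"])
    token = app.token_request_service(cookie)
    return (search.search(token, "search"), search.search(token, "admin"),
            app.token_request_service("forged-cookie"))
```

`run_flow()` returns, in order, the result of a search with the issued token, a search requiring a role the token was not granted, and a token request made with a cookie that matches no session.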