Token Authentication Protocol

Token Authentication Protocol🔗

Token authentication

Token Authentication: Sequence diagram

The user logs in on the integrating application and a session is created. A cookie in the user's browser is sent with each subsequent page request to allow the application to recognize the user and grant access.
The user at some point opens the Search! webpage (e.g. as a new tab, pop-up or iframe).
The browser fires an Ajax request from the Search! page to the integrating application's token request service.
The integrating application recognizes the user by the cookie that is sent along by the browser. Then it sends a SOAP request to the Search! authentication webservice requesting a token.
Search! verifies the environment password and creates an access token for the environment and requested access roles.
The integrating application returns the access token to the user's webbrowser.
The browser uses the token to perform subsequent Ajax requests to the search webservice.