SmartPlant Foundation uses OAuth 2 as the authorization framework that enables client applications to obtain access to data on the SmartPlant Foundation Server API. There are four key OAuth roles involved during the authorization process:
- Resource Owner
- Client
- Resource Server
- Authorization Server
Resource Owner: User
The resource owner is the user who authorizes an application to access data in SmartPlant Foundation. The application's access to the account is limited to the "scope" of the authorization granted.
Client: Application
The client is the application that requires access to the user's account. Before it can access the account, it must be authorized by the user, and the authorization must be validated by the API.
Resource Server: API
The resource server hosts the protected data.
Authorization Server
The Authorization Server verifies the identity of the user and then issues access tokens to the application.
- Application Registration - Before using OAuth with SmartPlant Foundation, the application must be registered with the Authorization Server using Authorization Code with PKCE as the selected OAuth flow.
- Client ID and Client Secret - Once SmartPlant Foundation has been registered, the service will issue "client credentials" in the form of a client identifier and client secret.
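
The PKCE part of the Authorization Code flow named above, shown from both the Client and the Authorization Server side per RFC 7636. This is an added example, not code from SmartPlant Foundation; the endpoint URL, client ID, redirect URI and scope are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Placeholder values (assumptions), not real SmartPlant Foundation endpoints or IDs.
AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"
CLIENT_ID = "EXAMPLE-CLIENT-ID"
REDIRECT_URI = "https://app.example.invalid/callback"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Client: 32 random bytes give a 43-character verifier (43-128 allowed)."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """Client: challenge = BASE64URL(SHA256(ASCII(verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_request(verifier: str, state: str, scope: str) -> str:
    """Client: URL for the user's browser; only the challenge leaves the client."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,  # echoed back on the redirect; the client must compare it
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def server_verify(stored_challenge: str, presented_verifier: str) -> bool:
    """Authorization Server: at token exchange, recompute and compare the challenge."""
    v = presented_verifier
    if not (43 <= len(v) <= 128 and v.isascii()):
        return False
    return hmac.compare_digest(code_challenge_s256(v), stored_challenge)
```

An authorization code intercepted on the redirect cannot be redeemed without the verifier, which is sent only in the token request.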