Authentication - SmartPlant Foundation - Update 47 - Installation & Upgrade

Infrastructure Planning and Deployment for SmartPlant Foundation

Language: English
Product: SmartPlant Foundation
Category: Installation & Upgrade
SmartPlant Foundation / SDx Version: 10

SmartPlant Foundation uses OAuth 2 as the authorization framework that enables client applications to obtain access to data on the SmartPlant Foundation Server API. There are four key OAuth roles involved during the authorization process:

  • Resource Owner

  • Client

  • Resource Server

  • Authorization Server

Resource Owner: User

The resource owner is the user who authorizes an application to access data in SmartPlant Foundation. The application's access to the account is limited to the "scope" of the authorization granted.

Client: Application

The client is the application that requires access to the user's account. Before it can do so, it must be authorized by the user, and the authorization must be validated by the API.

Resource Server: API

The resource server hosts the protected data.

Authorization Server

The Authorization Server verifies the identity of the user and then issues access tokens to the application.

  • Application Registration - Before using OAuth with SmartPlant Foundation, the application must be registered with the Authorization Server using Authorization Code with PKCE as the selected OAuth flow.

  • Client ID and Client Secret - Once SmartPlant Foundation has been registered, the service will issue "client credentials" in the form of a client identifier and client secret.

[Figure: OAuth flow]
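The registration step above names Authorization Code with PKCE as the required flow. The following added example (not SmartPlant Foundation code) shows the PKCE values a client generates for the authorization request and the check an authorization server performs at token exchange, following RFC 7636; the endpoint, client ID, redirect URI and scope are placeholder assumptions.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

# Placeholder assumptions; real values come from the application registration.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.invalid/callback"
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636 section 4.1


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes encode to a 43-character high-entropy verifier."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(verifier: str, state: str, scope: str) -> str:
    """Client: send only the challenge; the verifier never leaves the app."""
    return AUTHORIZE_ENDPOINT + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,  # CSRF binding, checked when the redirect returns
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    })


def server_accepts_verifier(stored_challenge: str, presented: str) -> bool:
    """Authorization server: at token exchange, recompute and compare."""
    if not VERIFIER_RE.fullmatch(presented):
        return False  # wrong length or characters outside the allowed set
    return hmac.compare_digest(code_challenge_s256(presented), stored_challenge)
```

An intercepted authorization code is not redeemable on its own, because the token request must also present the verifier that hashes to the challenge stored with that code.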