GBG | Developers


Browser-Based Authorization Overview

BROWSER-BASED AUTHENTICATION AND AUTHORIZATION EXPLAINED

Check out the 3-minute Authentication and Authorization video.

If you’ve ever used your Yahoo, Microsoft or other account to sign on to a third-party website or cloud service, you’ll have used an underlying system known as delegated authentication. A single username and password, authenticated with a trusted source, allows third-party servers to authenticate you as well, without your password ever being shared with those third parties.

Once the system has been set up, a user can log on to the trusted identity provider such as Yahoo or Microsoft, and your application can then take a piece of information (known as the identity provider’s access token) and pass it to the third-party service. The access token does not reveal the user's password, but it allows the third party to confirm (through a connection to the trusted identity provider) that the user did provide correct credentials to the identity provider.

GBG Identity Solution can use the authentication system described above (known as OAuth 2.0 OpenID Connect). It then provides a GBG access token that your application can use as a key for all subsequent API requests. The access token serves as authorization for the API calls.

Note: GBG Identity Solution also supports OAuth 2.0 Client Credentials Grant methods for obtaining the identity provider's access token. This procedure is described in another guide and is useful for scenarios such as Machine-to-Machine (M2M).

Working with IDaaS: Topology

There can be multiple benefits in using OAuth. The application does not need to store any additional passwords or implement key infrastructure. Your business controls user access, so that as employees join or leave, access can be enabled or disabled with user-level granularity. Furthermore, existing HTTPS secure communication methods and standard ports are used to access the trusted security provider.

Once the GBG access token has been received by the end application, your code can invoke API requests to perform Identity Solution functions including person and address verification, document verification, scanning and face matching. The API requests carry the access token along with any query parameters and image attachments, and the API results from the Identity Solution analysis engines are communicated back in real time within HTTP responses.
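The flow described in this guide, as an added in-process model (example code written for this page, not GBG's API or SDK): the identity provider alone checks the password, the relying service confirms the identity provider's token over a back channel before issuing its own short-lived token, and API calls are refused without it. The class, method and operation names and the sample user are all hypothetical.

```python
import secrets
import time

class IdentityProvider:
    """Toy trusted identity provider; the only party that ever sees passwords."""
    def __init__(self, users):
        self._users = dict(users)   # username -> password
        self._tokens = {}           # opaque access token -> username
        self.disabled = set()       # accounts the business has switched off

    def login(self, username, password):
        stored = self._users.get(username)
        ok = stored is not None and secrets.compare_digest(
            stored.encode(), password.encode())
        if not ok or username in self.disabled:
            raise PermissionError("login rejected")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = username
        return token

    def introspect(self, token):
        """Back-channel check: which active user, if any, owns this token?"""
        user = self._tokens.get(token)
        return None if user in self.disabled else user

class IdentityService:
    """Toy relying service: swaps an IdP token for its own short-lived token."""
    def __init__(self, idp, ttl_seconds=300):
        self._idp, self._ttl, self._sessions = idp, ttl_seconds, {}

    def exchange(self, idp_token):
        user = self._idp.introspect(idp_token)
        if user is None:
            raise PermissionError("identity provider did not vouch for token")
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, time.monotonic() + self._ttl)
        return token

    def call_api(self, token, operation):
        user, expires = self._sessions.get(token, (None, 0.0))
        if user is None or time.monotonic() >= expires:
            raise PermissionError("missing, unknown or expired access token")
        return {"user": user, "operation": operation, "status": "ok"}

if __name__ == "__main__":
    idp = IdentityProvider({"alice": "constructed-password"})  # constructed user
    service = IdentityService(idp)
    idp_token = idp.login("alice", "constructed-password")     # password stays at the IdP
    api_token = service.exchange(idp_token)                    # service checks with the IdP
    print(service.call_api(api_token, "address-verification"))
```

In this model a service token that was already issued stays valid until its lifetime runs out, even after the account is disabled at the identity provider, which is why the lifetime is kept short.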