Authentication Tutorial

Basic Auth

The simplest way to interact with Aidbox API from your confidential (backend) code is a Basic Auth

To start you have to register in Aidbox Auth Client with secret and basic flow enabled in this form:

Let's create AccessPolicy for this Client

Client Credentials Flow

Client get access by OAuth 2.0 Client Credentials flow

To start you have to register in Aidbox OAuth Client with secret and client_credentials flow enabled

Before you start - create a Client

And policy for this client

When you have a token!

Now using this access token we can query Aidbox

Resource Owner Flow

This flow works for mobile and desktop apps.

Before you start - create a Client and User

When you have a token!

Now using this access token we can query Aidbox

Authorization Code Flown

This flow works for web and single page apps

Before you start - create a Client and User

Now we have to go to authorize endpoint to get code

/auth/authorize?client_id=web-app&response_type=code

When you have a token!

Now using this access token we can query Aidbox

Implicit Flow

This flow works for single page apps. Before you start - create a Client

Now we have to go to authorize endpoint to get code

/auth/authorize?client_id=web-app&response_type=code

When you have a token!

Now using this access token we can query Aidbox

JWT Auth

If you use external server, which provides you with JWT access token - you can configure Aidbox to trust this JWT token and act as Resource Server

You can use for example this app to generate test JWT__

First of all you have to register TokenIntrospector in Aidbox

SMART on FHIR Flow

When you have a token!

Now using this access token we can query Aidbox