Overview
User, Session, Client resources and mechanics explained

User

Aidbox has a SCIM User Resource.
Attributes:
| element | type | description |
|---|---|---|
| id | string | |
| email | string | |
| password | string | Hash of password |
| identifier | Identifier[] | |
| userName | | |

Create Users

To create a user, you can use the CRUD API, e.g. POST /User and PUT /User/

User Login

A human User can use /auth/login to log in with the credentials defined in a User resource.
A system can authenticate a User as specified in the OAuth 2.0 spec. For example, you can get an access token via:
    POST /auth/token
    client_id: password-client
    grant_type: password
    password: password
Note that a Client resource should be created for this kind of authentication.
You can find different authorization flow examples in the Auth Sandbox in the Aidbox UI.
GET /auth/userinfo returns information about the current User session.

Activate/Deactivate Users

To control a User's active status, set the User.inactive attribute to true or false. Deactivating a user doesn't affect the activation of that user's Sessions.

Sessions

For each user login, Aidbox creates a Session resource.
Get the last 10 sessions:
    select cts, resource#>>'{user,id}'
    from session
    order by cts desc
    limit 10
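Because deactivating a User does not touch its Sessions (see Activate/Deactivate Users), an audit can list the Sessions that still belong to inactive Users. The following Python is an added example, not Aidbox code: it assumes User and Session resources have been exported as JSON and that a Session references its user at user.id (the path the query above reads); the function name audit_sessions and the sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data shaped like the resources on this page:
# a User carries id and inactive; a Session points at its user via user.id.
USERS = [
    {"resourceType": "User", "id": "alice", "inactive": False},
    {"resourceType": "User", "id": "bob", "inactive": True},
    {"resourceType": "User", "id": "carol"},  # inactive not set
]
SESSIONS = [
    {"resourceType": "Session", "id": "s1", "user": {"id": "alice"}},
    {"resourceType": "Session", "id": "s2", "user": {"id": "bob"}},
    {"resourceType": "Session", "id": "s3", "user": {"id": "bob"}},
    {"resourceType": "Session", "id": "s4", "user": {"id": "dave"}},  # no such User
    {"resourceType": "Session", "id": "s5"},  # no user reference at all
]


def audit_sessions(users, sessions):
    """Cross-reference Sessions against Users.

    Returns (stale, orphaned):
      stale    -- {user_id: [session ids]} for Users with inactive set to true
      orphaned -- session ids whose user reference is missing or unknown
    """
    # Only an explicit boolean true counts as inactive; a missing attribute does not.
    inactive = {u["id"]: u.get("inactive") is True for u in users}
    stale = defaultdict(list)
    orphaned = []
    for session in sessions:
        user_id = (session.get("user") or {}).get("id")
        if user_id not in inactive:
            orphaned.append(session["id"])
        elif inactive[user_id]:
            stale[user_id].append(session["id"])
    return dict(stale), orphaned


if __name__ == "__main__":
    stale, orphaned = audit_sessions(USERS, SESSIONS)
    for user_id, session_ids in stale.items():
        print(f"inactive user {user_id} still has sessions: {session_ids}")
    print(f"sessions without a known user: {orphaned}")
```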

Client

To provide programmatic access to Aidbox, you have to register a client, that is, create a Client resource.
A Client resource must have a grant_types attribute defining the authentication scheme for this Client.
Application grant types (or flows) are methods through which applications can gain Access Tokens and by which you grant limited access to your resources to another entity without exposing credentials.
Grant types are chosen appropriately based on the grant_types property of your Auth0-registered Application. The OAuth 2.0 protocol supports several types of grants, which allow different types of access. To see available grant types and grant type mapping, refer to the doc.
Other required attributes are determined based on the values of this attribute. grant_types is an array of strings; possible values are:
  • basic
  • client_credentials
  • password
  • implicit
  • authorization_code
  • code
You can specify auth.*.access_token_expiration only for Clients with auth.*.token_format: jwt.
You can find different authorization flow examples in the Auth Sandbox in the Aidbox UI.