Terminology
This table lists the terms used within the Auth service, so that everyone understands what is being talked about.
| Name | Description |
| --- | --- |
| Access Token | A string, issued after successful authentication, that a user or service presents on each request to show it has been authenticated. Treat it as a bearer credential: anyone holding it can use it until it expires or is revoked. |
| Authentication | The process of validating a user's or service's credentials. |
| Authorization | The process of checking whether an authenticated (known) user or service has permission to perform an action or access a resource. |
| Auth Code | A short-lived, single-use code issued to a third-party application after the user has authenticated with the Auth service. The application exchanges the code for tokens, so it never has access to the ITC user's password. |
| Client | A first- or third-party application; for example, compliance-auth can be considered a client. An application can have multiple clients. |
| Client Credentials | A type of grant that allows programmatic authentication, used where we want to authenticate a service rather than a user. |
| Client ID | A way to identify a specific client record. It is an identifier, not a secret. |
| Client Secret | A type of password for a client. Secrets are never known by users. Each client has its own secret so that Client A can't authenticate as Client B. |
| Encoding | A way of changing the representation of data so it can be transmitted to other systems (for example, Base64). Encoding is not a security control: it needs no key, so anyone can reverse it. |
| Encryption / Decryption | A way of changing data securely so it remains private while in transit (or at rest). Encrypted data can always be decrypted back into its original form, but only by someone holding the correct key. |
| Grant | An authentication method. For example, authenticating a user needs a different method from authenticating a service, so we need two different grant types: one for user authentication and one for programmatic authentication. |
| Hashing | A way of changing data securely in one direction only. Once data has been hashed it cannot be changed back into its original form, which is why passwords are stored as hashes rather than encrypted. |
| JWT (JSON Web Token) | A specific type of access token that embeds details about who or what is authenticated (claims) inside the token itself. The claims are protected by a signature, so they cannot be altered without detection, but they are only encoded, not encrypted: anyone holding the token can read them. |
| Keys (Public / Private) | A cryptographic key pair used to sign and validate tokens. The private key, held only by the Auth service, creates the signature; the public key can be given to any service that needs to validate a token. |
| OAuth | A standardised framework (OAuth 2.0) for issuing and using access tokens. Strictly it is an authorization standard; the grant types above determine how a user or service is authenticated before a token is issued. |
| Password | A string known only to the user, used to prove they are who they say they are. |
| Password (Grant) | A type of grant that allows users to authenticate by sending their username and password directly to the Auth service. Because the client handles the raw password, it is only suitable for first-party clients; third parties should use an Auth Code. |
| Refresh Token | A way to obtain a new Access Token without requiring the user to re-enter their username and password. It is longer lived than an access token, so it must be stored securely and must be revocable. |
| Revoke | A way to expire a resource early (for example, if an access token is compromised we want to prevent it being used, so we revoke it). |
| Scope | A permission associated with an access token. A token should carry only the scopes the client actually needs. |
| Service | A platform, service, or API that needs programmatic access to resources and actions. |
| Signing | A way to detect whether an access token has been altered after it was generated. A token whose signature does not validate must be rejected. |
| State | A unique, unguessable value generated by the client for a short-lived request (for example, the start of an Auth Code flow) and checked when the response comes back, so the response can be tied to the request that started it and forged responses are rejected. |
| TTL | "Time to live": a numeric value detailing how long something (usually an access token or cache entry) is valid for. |
| Two Factor Auth (MFA / TFA / 2FA) | A way to be more confident that the user is who they say they are by requiring a second, independent form of user validation beyond the password. |
| User | A person, someone who has to log in to a service with a username and password. |
| Username | A way for a user to identify their account. |
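The Encoding, Encryption / Decryption and Hashing entries are easy to confuse, so here is an added example (not code from the Auth service) that exercises each in Go using only the standard library. It assumes AES-256-GCM as the cipher and SHA-256 as the hash, neither of which this page specifies, and the `hunter2` input is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

// Encoding: a different representation of the same bytes. No key, so anyone can reverse it.
func Encode(plain []byte) string { return base64.StdEncoding.EncodeToString(plain) }

func Decode(encoded string) ([]byte, error) { return base64.StdEncoding.DecodeString(encoded) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encryption: reversible, but only with the key. AES-GCM also authenticates the
// ciphertext, so a wrong key or a tampered message is detected instead of
// yielding garbage.
func Encrypt(key, plain []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh per message; never reuse with the same key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, nil), nil // nonce is prepended to the ciphertext
}

func Decrypt(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Hashing: one way. The same input always gives the same digest, but nothing
// turns the digest back into the input. (Stored passwords should use a slow,
// salted hash such as bcrypt or Argon2 rather than plain SHA-256.)
func Hash(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

func main() {
	secret := []byte("hunter2") // constructed sample input
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}

	enc := Encode(secret)
	dec, _ := Decode(enc)
	fmt.Printf("encoded %q -> decoded back with no key: %q\n", enc, dec)

	sealed, _ := Encrypt(key, secret)
	opened, _ := Decrypt(key, sealed)
	_, err := Decrypt(make([]byte, 32), sealed)
	fmt.Printf("decrypted with the key: %q; with the wrong key: %v\n", opened, err)

	fmt.Println("hash:", Hash(secret), "(cannot be reversed)")
}
```

The practical takeaway is that only the middle case needs a key, and only the last case is safe to store for passwords.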
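To make the JWT, Keys (Public / Private), Signing and TTL entries concrete, the following added example (not the Auth service's implementation) issues and validates a JWT. It assumes Ed25519 (JWT `alg` value `EdDSA`) as the signing algorithm, which the page does not specify, and the claim values and the 15-minute TTL are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims carried inside the token. They are signed, not encrypted.
type Claims struct {
	Sub   string `json:"sub"`
	Scope string `json:"scope"`
	Iat   int64  `json:"iat"`
	Exp   int64  `json:"exp"` // the TTL is enforced by checking this on every validation
}

var b64 = base64.RawURLEncoding // JWT uses unpadded base64url

// NewKeyPair: the private key stays on the Auth service; the public key is
// handed to every service that needs to validate tokens.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue builds header.payload.signature and signs with the private key.
func Issue(priv ed25519.PrivateKey, c Claims) string {
	header, _ := json.Marshal(map[string]string{"alg": "EdDSA", "typ": "JWT"})
	payload, _ := json.Marshal(c)
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	sig := ed25519.Sign(priv, []byte(signingInput))
	return signingInput + "." + b64.EncodeToString(sig)
}

// PeekClaims reads the payload with no key and no checks: this is what anyone
// holding the token can see, so secrets never belong in claims.
func PeekClaims(token string) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	raw, err := b64.DecodeString(parts[1])
	if err != nil {
		return Claims{}, err
	}
	var c Claims
	err = json.Unmarshal(raw, &c)
	return c, err
}

// Verify pins the algorithm, checks the signature with the public key, then the TTL.
func Verify(pub ed25519.PublicKey, token string, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "EdDSA" {
		return Claims{}, errors.New("unexpected alg") // never let the token choose the algorithm
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return Claims{}, errors.New("bad signature: token altered or signed by another key")
	}
	c, err := PeekClaims(token)
	if err != nil {
		return Claims{}, err
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return Claims{}, errors.New("token expired")
	}
	return c, nil
}

// ForgePayload is what an attacker would try: swap in chosen claims but keep
// the original signature. Verify must reject the result.
func ForgePayload(token string, c Claims) string {
	parts := strings.Split(token, ".")
	payload, _ := json.Marshal(c)
	return parts[0] + "." + b64.EncodeToString(payload) + "." + parts[2]
}

func main() {
	pub, priv := NewKeyPair()
	now := time.Now()
	tok := Issue(priv, Claims{Sub: "user-42", Scope: "read", Iat: now.Unix(), Exp: now.Add(15 * time.Minute).Unix()})
	fmt.Println("token:", tok)
	peek, _ := PeekClaims(tok)
	fmt.Printf("anyone can read the claims: %+v\n", peek)
	_, err := Verify(pub, ForgePayload(tok, Claims{Sub: "user-42", Scope: "admin", Exp: peek.Exp}), now)
	fmt.Println("verify after changing scope to admin:", err)
}
```

Two design points worth noting: the validator checks `alg` against a fixed value before touching the signature, and it treats an expired token exactly like a forged one, so a TTL is only meaningful if every consumer enforces it.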
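The Auth Code, State, Client ID, Client Secret and TTL entries together describe one flow. The example below, added here and not the Auth service's own code, plays both sides of that flow in memory so the checks can be seen in one place: the client ties the callback to a request it started via `state`, and the server only exchanges a code that is unused, unexpired, bound to the requesting client, and presented with that client's secret. The client names, secrets, user id and one-minute code lifetime are constructed assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Constructed client records; in the real service these live in the client store.
type clientRecord struct{ ID, Secret string }

type issuedCode struct {
	clientID string    // the code is bound to the client it was issued to
	userID   string
	expires  time.Time // short TTL
	used     bool      // single use
}

// AuthServer is an in-memory stand-in for the Auth service (example only).
type AuthServer struct {
	clients map[string]clientRecord
	codes   map[string]*issuedCode
	tokens  map[string]string // access token -> user it was issued for
}

func NewDemoServer() *AuthServer {
	return &AuthServer{
		clients: map[string]clientRecord{
			"compliance-auth": {ID: "compliance-auth", Secret: "s3cr3t-A"},
			"other-app":       {ID: "other-app", Secret: "s3cr3t-B"},
		},
		codes:  map[string]*issuedCode{},
		tokens: map[string]string{},
	}
}

func randomToken() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Authorize runs after the user has logged in at the Auth service itself, so the
// client never handles the password. It returns a code plus the caller's state.
func (s *AuthServer) Authorize(clientID, userID, state string, now time.Time) (code, echoedState string, err error) {
	if _, ok := s.clients[clientID]; !ok {
		return "", "", errors.New("unknown client_id")
	}
	code = randomToken()
	s.codes[code] = &issuedCode{clientID: clientID, userID: userID, expires: now.Add(time.Minute)}
	return code, state, nil
}

// Exchange swaps a code for an access token. The client authenticates with its
// secret; the code must be unused, unexpired and bound to this client.
func (s *AuthServer) Exchange(clientID, clientSecret, code string, now time.Time) (string, error) {
	rec, ok := s.clients[clientID]
	if !ok || subtle.ConstantTimeCompare([]byte(rec.Secret), []byte(clientSecret)) != 1 {
		return "", errors.New("client authentication failed")
	}
	c, ok := s.codes[code]
	if !ok || c.used || c.clientID != clientID || !now.Before(c.expires) {
		return "", errors.New("invalid, expired or replayed code")
	}
	c.used = true
	access := randomToken()
	s.tokens[access] = c.userID
	return access, nil
}

// Client is the relying application. It remembers the state it generated so the
// callback can be tied to a request it actually started.
type Client struct {
	ID, Secret   string
	pendingState string
}

func (cl *Client) Start() string {
	cl.pendingState = randomToken()
	return cl.pendingState
}

func (cl *Client) Callback(s *AuthServer, code, state string, now time.Time) (string, error) {
	if cl.pendingState == "" || subtle.ConstantTimeCompare([]byte(cl.pendingState), []byte(state)) != 1 {
		return "", errors.New("state mismatch: not a response to a request we started")
	}
	cl.pendingState = "" // state is single use too
	return s.Exchange(cl.ID, cl.Secret, code, now)
}

func main() {
	srv := NewDemoServer()
	cl := &Client{ID: "compliance-auth", Secret: "s3cr3t-A"}
	now := time.Now()
	state := cl.Start()
	code, echoed, _ := srv.Authorize(cl.ID, "user-42", state, now)
	access, err := cl.Callback(srv, code, echoed, now)
	fmt.Println("access token issued:", access != "", "err:", err)
	_, err = srv.Exchange(cl.ID, cl.Secret, code, now)
	fmt.Println("replaying the same code:", err)
}
```

Note that the secret and state comparisons use `subtle.ConstantTimeCompare`, and that the code is marked used only after every other check has passed, so a failed attempt with the wrong secret does not burn the legitimate client's code.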