Authentication
Every device has a unique code built into it that can be used for authentication.
One of the benefits of the Senza platform is that each cloud connector device has a unique identifier, so you can implement device-based authentication that is completely transparent to the user. They won't need to bother entering a username and password, because simply having a device gives them the access they need. And you don't need to be concerned with password sharing, because every device can be bound to a specific user.
This page describes the functionality provided by the Auth object for obtaining a client assertion, which is an encrypted JSON Web Token (JWT) object that validates the device ID and the fact that it is authorized to access the Senza platform. See the Authentication Flow page for an in-depth description of the authentication process.
Note that implementing this flow is optional. If you have a different authentication model or don't need to authenticate users at all then you can skip this integration step.
Tutorials
If you prefer to learn by example, you can follow these tutorials which cover the complete process:
- Device Authentication
- QR Code Authentication
- Device Authentication video tutorial
Objects
- auth :
object
auth : object
objectKind: global namespace
Example
import { auth } from "senza-sdk";
auth.getClientAssertion
Should be called upon startup and can be used by the application to get the access token from the Host Platform and perform authentication.
Kind: static property of auth
Async function that returns the client assertion
Return {Promise} Promise which is resolved to a client assertion JSON string when getClientAssertion has been successfully performed.
Failure to getClientAssertion for any reason, result in the promise being rejected.
Error status codes:
Status code 400 - Tenant configuration is missing.
Status code 0 - General error.
Example
try {
const client_assertion = await auth.getClientAssertion();
console.log("Client assertion is", client_assertion);
} catch (e) {
console.error("getClientAssertion failed", e);
}
auth.getToken (deprecated)
Should be called upon startup and be embedded in future requests.
Kind: static property of auth
auth.forceTokenUpdate (deprecated)
Should be called upon '401' event (unauthorized)
Kind: static property of auth
Updated 5 months ago