Guides

Authentication Flow (Old)

Suggest Edits

In the Senza platform, the client device authentication flow has two parts:

  • Client Authentication - authenticates the device to the Hyperscale platform
  • Host Platform Authentication - authenticates the device with a Customer platform.

Client Authentication

Authentication of the Cloud Connector with the Senza Platform. This part of the flow is internal to the Senza product and therefore it is not described in this manual. Devices ALWAYS Authenticate with the Senza platform.

Host Platform Authentication

This section covers Authentication of the Intelligent Connector with the Host Platform.

Applications may choose to implement their own password/credential (login) based authentication. If chosen, this flow is external to Hyperscale and completely owned by the application.

Application Managed Login (Recommended)

Application may choose to use silent login option that doesn't involve user interaction for authentication, if chosen, Hyperscale exposes Client assertion API that can be used by the application to get the access token from the Host Platform and perform authentication. The assumption is that device is registered upfront by the Host Platform and access token can be retrieved.

For more configuration information and examples please follow the guidelines here: application-managed-login

Hyperscale Host Platform Authentication (Optional)

In cases where there is no application authentication implementation to its host platform, Hyperscale can manage it instead. As part of this flow, there are integration points between Hyperscale, the customer Web Application and the Host Platform Authentication Services. At the end of this flow, the Web Application has the access token required to call the Host Platform APIs.

Host platform authentication via Hyperscale is disabled by default, and can be enabled via the Operations Console.

Integration Points

When working with Host Platform Authentication via Hyperscale (use Host Platform Authentication is enable):

  1. Upon device boot up, Hyperscale platform will request an access token from the hostPlatform authentication service. This service should support the getToken API. As part of this flow (or even before this API is called) the authentication service should use OIDC discovery for assertion verification.
  2. When the web application is up and running, it should/can call getToken API via HS Client Library

Step By Step

  • To get you up and running quickly, we have provided you a hosted authentication simulator which triggers OIDC discovery APIs and generates a dummy token.
  • Instructions how to use the Auth Simulator can be found here: Authentication Simulator
  • In order to integrate your own authentication service with Hyperscale, please follow the guidelines here: Host Platform Authentication
  • Your Hyperscale tenant has probably been created with Authentication disabled. Once you are ready to start with Authentication, you will need to contact Synamedia and we will update the tenant so you can use the simulator or the real Host Platform Authentication Services.

Updated 6 months ago