Authentication and Authorization

Summary

Authentication is the process of verifying the user's identity. It ensures that the person or computer accessing the platform is who they claim to be.

We currently support authentication through external OpenID Connect (OIDC) identity providers. Google is fully supported, while Facebook integration is in progress. We also plan to add support for Apple and Okta in the near future.

Your mobile or web application must enable its users to sign in with at least one of the supported OIDC providers and obtain an ID Token from them. For example: The ID Token serves as a trusted proof of successful authentication from the identity provider (IDP).

Next, your application will exchange the ID Token for an ObjectsGrid Access Token. This Access Token must be included in every ObjectsGrid API request thereafter, to authenticate and authorize access to the APIs.

Authorization is the process of determining what actions or objects (resources) a user is allowed to access after they have been authenticated. It defines the user's permissions and access control. ObjectsGrid authorization is OAuth 2.0 compliant.

ObjectsGrid APIs access levels are managed using Attribute-Based Access Control (ABAC). ABAC is an advanced authorization model that grants or denies access to resources based on attributes associated with users, resources, actions, and the environment. The access level rules are defined in an ABAC policy.