
Identity glossary

A


API

An API is an entity that mostly represents a back-end service interacting with Cryptr. You can have many of them, but each one is specified by its related programming language. Examples:

  • Ruby
  • PHP
  • Node Express
  • GraphQL client
  • Java App

Application

An Application is an entity that mostly represents a client service interacting with Cryptr. You can have many of them, but each one is specified by its related programming language. Examples:

  • React
  • Angular
  • Mobile App
  • SPA

Authorization Code flow

This flow defines how to retrieve an authorization from an original request between the different authorization entities:

  1. User tries to sign up on the SPA
  2. SPA requests an Authorization Code from the Authorization Server
  3. Authorization Server checks the user (exists, allowed scopes ...)
  4. Authorization Server redirects the user to the consent screen
  5. User consents
  6. Authorization Server sends the Authorization Code
  7. SPA sends Code + Secret to the Authorization Server
  8. Authorization Server returns Access and ID Tokens to the SPA
  9. SPA requests a resource on the Resource Server using the Access Token
  10. SPA gets the resource from the Resource Server

Controls

Each step and transaction is a moment to check the flow process and secure it.

[Figure: Authorization Code flow infographic]

Authorization Server

This is the core entity (in our case, Cryptr) of the OAuth protocol. Its role is to authenticate the resource owner and deliver the authorization through an Access Token.

C


Cookies

HTTP cookies are data stored by the user's web browser to keep state or activity useful for a website or for a service integrated in the website.

The data can be:

  • a simple key
  • structured data stored in one complex object

Some configuration is possible to increase the security of this information:

  • The domain owner
  • Expiration / Max-Age
  • SameSite

For more, see RFC 6265.

F


Framework

A software framework provides a standard way to build and deploy applications. A framework basically includes:

  • reusable components
  • a default behaviour
  • some configuration possibilities
  • code that can be extended for the developer's needs
  • code that can't be modified, to ensure the framework's purpose

L


Library

A library, in computer science, is a collection of resources used in programs. That can include:

  • configuration data
  • documentation
  • help data
  • message templates
  • many more things that help a developer achieve something faster

M


Magic link

A magic link is a unique link sent by email to an end-user to authenticate themselves. The magic link is composed of

N


NPM

This is the short name of Node Package Manager.

NPM is basically a package manager for the JavaScript programming language.

A package manager is a collection of software tools to install, upgrade, configure and remove packages on a computer.

A package is a type of archive integrating programs and metadata understandable by a package manager. In the archive you have the code of the program and the tools to configure it.

O


OAuth

OAuth 1.0(a)

RFC 5849

OAuth 2.0

RFC 6749 & 6750

P


PKCE

RFC 7636

Acronym for Proof Key for Code Exchange.

This is a core part of OAuth security for sensitive apps such as SPAs and web apps.

The purpose of this feature is to have a key known only by the requester (mostly the client app), because it is generated by it. This key is encoded and sent alongside the request to the Authorization Server. During the Authorization Code flow, at any time, this key ensures that the Authorization Server is interacting with the correct entity. If a hacker or malicious entity intercepts the HTTP request between them, they cannot continue the flow without this proof and the flow will be interrupted.
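The following is an added example, not code from Cryptr's SDKs or from this page: it carries the Authorization Code flow steps above through with PKCE, deriving the code_challenge from a client-held code_verifier with the S256 method of RFC 7636 and letting a stand-in authorization server (a constructed stub, not Cryptr) release tokens only when the verifier presented at the code exchange matches the challenge bound to the code.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url encoding without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """High-entropy verifier kept by the client; 32 bytes -> 43 chars (RFC minimum)."""
    return b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Constructed stand-in for the server's PKCE bookkeeping (not Cryptr's code)."""

    def __init__(self) -> None:
        self._pending: dict[str, str] = {}  # authorization code -> code_challenge

    def authorize(self, code_challenge: str) -> str:
        """Step 6: issue an authorization code bound to the challenge sent in step 2."""
        code = secrets.token_urlsafe(16)
        self._pending[code] = code_challenge
        return code

    def exchange(self, code: str, code_verifier: str) -> bool:
        """Steps 7-8: tokens are released only if the verifier hashes to the stored challenge.
        The code is single-use, so a replayed or intercepted code fails even with a guess."""
        challenge = self._pending.pop(code, None)
        if challenge is None:
            return False
        return hmac.compare_digest(make_code_challenge(code_verifier), challenge)


def run_flow(legitimate_client: bool = True) -> bool:
    """Simulate the SPA side. Someone who only captured the code (and not the
    verifier held in the client's memory) cannot complete the exchange."""
    server = AuthorizationServer()
    verifier = make_code_verifier()
    code = server.authorize(make_code_challenge(verifier))
    presented = verifier if legitimate_client else make_code_verifier()
    return server.exchange(code, presented)
```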

R


Resource Server

As its name says, this entity manages protected resources and has to authorize actions on them using the access token provided.

S


Scope

In computer science, scope mainly refers to rights over an entity: what it is possible to do with an entity or a variable (such as read, write ...), or more generally a permitted action.

It is generally composed of two parts:

  • possible action (read, write, ..) ⚠️ can be null
  • entity/resource

Here are some examples:

  • read:invoices
  • write:posts
  • profile -> this can allow all actions on this entity/resource

SDK

An SDK is a Software Development Kit, or devkit for short.

The kit is a collection of software development tools in a single package to facilitate integrations in applications.

An SDK can have a single purpose or multiple purposes and be available for one or more programming languages.

Here are some SDK purposes:

  • Allow interaction with a remote service
  • Make the management of a complex process easier (AR, authentication ...)
  • Give a bundle of tools to integrate some design components

T


Tenancy

A Tenancy is the set of entities and the context related to a Tenant.

Tenant

A Tenant represents the entity managing APIs, Applications, Users ... As one of our clients you mostly handle one, but it is possible to have more.

Tenant Parameters

When an end-user enters a sign-in process through an App or API, things like the interface, scopes and emails are related to the linked Tenant. That means an end-user signing in through API 1 or App A of Tenant T1 will go through the authentication process of Tenant T1.

If you want to have separate UIs you must handle multiple tenants (multi-tenancy).

Token

In the authorization process there are mainly 3 types:

U


User

The end-user's data record (meaning email, profile information, metadata ...).

W


Web Browser

Software allowing a user to browse web pages.