...
This flow is specifically designed for browserless systems or a system with no input device attached, hence the word device. In this flow, the authentication is outsourced to an external device. This is typically used by IoT devices. A good example might be a smart TV where you have to confirm the login process on your mobile device by clicking on a link that has been sent to your email address. There is only limited support within the CoreOne Authentication Services for this flow as of this day.
Delegation flow
Often times there is a situation when a user access one service or endpoint but the actual action is performed on a different service or endpoint. A good example for this is an API Gateway in front of a micro service architecture. A user might call an action on the API Gateway and provide an access token for said API Gateway. The gateway will then simply forward the request to the appropriate microservice. There are various ways to solve this but the recommended solution uses a flow that is not part of the OAuth or OIDC specification but is commonly used: delegation flow.
If you select the delegation flow, the CoreOne Suite will allow the API Gateway to get a token for the microservice on behalf of the user by sending it’s original token - issued for the API Gateway - to the CoreOne Authentication Server in return for an access token for the micro service.
| Info |
|---|
This is not a standard OAuth or OIDC flow. |