02 September 2019
Authenticate API client applications with Auth0
Here I tell you about one of the biggest challenges I had to face at work.
First, let's look at some definitions.
What is an API?
An API (Application Programming Interface) is a set of routines that provides access to certain software functions.
That is, rather than reinvent the wheel, one can call existing APIs that already provide the functionality we want.
In our case we are working specifically with Web APIs.
For example, an application that wants to show the weather forecast, instead of developing all the collection and analysis of climate data itself (which would be expensive), makes calls to an API that already implements it, such as OpenWeatherMap.
Similarly, suppose an application that lets a user put a song they like in their profile description. To save a lot of work, the application could make calls to the Spotify API.
What is Auth0?
Auth0 is an Argentine company that provides user authentication and authorization as a service for a product, thus simplifying development work.
Basically, it provides applications with the login box so they don't have to develop it themselves, avoiding the expense and maintenance cost of one of the critical points of any system.
What is OAuth 2.0?
OAuth 2.0 is an open protocol for authentication and delegation of access permissions.
It is widely used in social networks, for example to log in to some other application with your Facebook account without giving that application your Facebook credentials.
In the development project I am working on, one of the features provided by the system is an API Manager, which allows you to create, edit, publish/unpublish and delete APIs.
Finally, to summarize in one paragraph what I have been developing in the system:
an API Editor can protect the endpoints of these APIs with Auth0 using the OAuth 2.0 protocol, so that only the allowed client applications can access them.
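To make the last point concrete, here is an added example (not code from the post or from the project it describes) of what a protected endpoint has to do with the bearer token a client application presents: check the signature, the issuer, the audience, the expiry, and finally whether the calling client is on the editor's allowlist. The tenant URL, API identifier, secret and client_ids are constructed placeholders. Auth0 signs API access tokens with RS256 by default, so a real endpoint would verify against the tenant's published signing keys; this example uses an HS256 shared secret so it runs offline, and `issue_token` is a stand-in for the authorization server's token endpoint rather than anything Auth0 exposes. The allowlist on the `azp` (authorized party, i.e. client_id) claim is this example's design choice.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values standing in for an Auth0 tenant and a protected API (assumptions).
ISSUER = "https://example-tenant.auth0.com/"
AUDIENCE = "https://api.example.com/"
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"
# client_ids of the applications the API editor allowed to call this endpoint (constructed).
ALLOWED_CLIENTS = {"client_id_weather_app", "client_id_music_app"}


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_token(client_id, secret=SHARED_SECRET, now=None, ttl=3600, alg="HS256"):
    """Stand-in for the token endpoint in a client credentials grant (hypothetical helper).
    Always signs with HMAC-SHA256; `alg` only controls what the header claims, so the
    verifier's algorithm pinning can be exercised."""
    now = int(time.time()) if now is None else now
    header = {"alg": alg, "typ": "JWT"}
    claims = {
        "iss": ISSUER,
        "sub": client_id + "@clients",  # Auth0 convention for machine-to-machine tokens
        "aud": AUDIENCE,
        "azp": client_id,  # authorized party: the client application the token was issued to
        "iat": now,
        "exp": now + ttl,
    }
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token, secret=SHARED_SECRET, now=None, leeway=30):
    """Return (ok, claims) on success or (False, reason) on failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return False, "undecodable token"
    # Pin the algorithm: never let the token header choose it (blocks alg=none and key confusion).
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(secret, (header_b64 + "." + claims_b64).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False, "bad signature"
    if claims.get("iss") != ISSUER:
        return False, "wrong issuer"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if AUDIENCE not in audiences:
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), int) or now > claims["exp"] + leeway:
        return False, "expired"
    # Only client applications the editor allowed may call this endpoint.
    if claims.get("azp") not in ALLOWED_CLIENTS:
        return False, "client not allowed"
    return True, claims


def handle_request(authorization_header, now=None):
    """Minimal protected endpoint: takes the Authorization header, returns (HTTP status, body)."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, {"error": "missing bearer token"}
    ok, result = verify_token(token, now=now)
    if not ok:
        status = 403 if result == "client not allowed" else 401
        return status, {"error": result}
    return 200, {"message": "hello " + result["azp"]}


if __name__ == "__main__":
    token = issue_token("client_id_weather_app")
    print(handle_request("Bearer " + token))
    print(handle_request("Bearer " + issue_token("client_id_unknown_app")))
```

The order of checks matters: signature before claims, so nothing in an unverified payload influences a decision, and the allowlist last, so a forged or expired token never reaches it. Rejecting any algorithm other than the one the API expects is what keeps an attacker from downgrading to an unsigned token.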