Concept : Understanding Delegated Web Authentication
Contents |
[edit] Description
The Bungee DelegatedWebAuth (DWA) framework provides a simple API to take advantage of third party authentication systems. Instead of having to implement account management in your Bungee application, you can delegate user authentication to Google, Microsoft, Facebook, and others. In addition, the DWA framework can obtain session authentication tokens as part of user authentication that can be reused to securely access the web services provided by the same third parties that performed the authentication. Finally, components in the "Bungee cloud" allow your Bungee-powered application to perform this external authentication without having to redirect your application or have the application launch twice in order to handle the authentication results.
The DWA Framework begins with the DelegatedWebAuth class. It does not provide the actual authentication support; you must use a DWA driver that provides support for a specific third-party authentication API. A DWA driver inherits from DelegatedWebAuth and implements the specific authentication functions, while DelegatedWebAuth provides the common authenticate() function that triggers the authentication operation. The authenticate() function causes an overlay form to be displayed over the current form and a new window opens for the third party authentication. After a user successfully authenticates with the third party using the new browser window, the window automatically closes and control is passed back to the Bungee application.
Most of the third party authentication systems require you to register your application with them so that you can obtain an application ID and/or a shared secret key to enable secure communication. You must configure your driver instances with this specific information for it to function correctly. Because each authentication provider has a different concept of a session token, each driver has its own specific functions for retrieving the resulting data for the authentication.
Bungee supported DWA drivers are available as a shared Typelib in the Bungee Share under the name Bungee_DWA_Drivers. Currently, support for MS Live ID, Facebook, and Google AuthSub is available. For more details on using each driver, see the Using Delegated Web Authentication Drivers.
Developers can write their own DWA drivers. See the Writing Delegated Web Authentication Drivers for details on writing a DWA driver.
[edit] See Also
DelegatedWebAuth
Using Delegated Web Authentication Drivers
Writing Delegated Web Authentication Drivers