May 11, 2017 | Written by: Daniel DeGroff
Categorized: How-tos | What's New
Share this post:
If you’re an IBM Bluemix customer and are currently using the Stormpath API for login or authorization, this information is particularly important for you. If you’re not a Stormpath client, it is still important for you to read and share with anyone using Stormpath.
Okta acquired Stormpath this past March and announced that the Stormpath API will be shutdown on August 17th at noon PST.
This means that Stormpath users must migrate, and they must do it soon.
Passport by Inversoft is a modern take on identity and user management that can be integrated into any platform. Better yet, unlike Stormpath, Inversoft is an IBM Business Partner and Passport is available in the IBM Bluemix Catalog and comes with a complete integration tutorial.
Out of the box, Passport delivers:
- Easy to use RESTful APIs
- Client Libraries written in Python, Ruby, PHP, Node.js, Java and C#
- User registration and login
- User management interface
- OAuth 2.0
- JSON Web Tokens
- Single Sign-on
- Configurable Password Encryption
- Two-factor authentication
- Custom user data and user data search
- Localized Email templates
- Transactional Webhooks and Custom Events
- Reporting & Analytics
Stormpath to Passport
The following table lists each Stormpath API and the Passport API that provides similar functionality.
Stormpath has documented an export procedure to allow you to extract all of your user data, including hashed passwords, in an encrypted zip file. We’ve built an API to consume this JSON data allowing you to easily import your existing users into Passport.
We’ve already begun to assist existing Stormpath clients with this migration process. Please contact us at email@example.com to make the transition as painless as possible. We are not just another vendor, but a IBM Business Partner committed to helping you succeed.
Note: If you are simply adding Passport to a new application built in Bluemix, just follow this guide and you’ll be up and running in 20 minutes or less.
Authenticating a User
To give you a feel for integrating with Passport, we will show how easy it is to start authenticating users against the Passport API. A common use case for mobile login will be to utilize JSON Web Tokens and a Refresh Token to allow the user to stay authenticated for a longer period of time.
Consider your iOS or Android phone; once you’ve logged into an application you generally don’t need to login each time you open the app. Our recommended approach for mobile login is to utilize JSON Web Tokens and a Refresh Token to allow the user to stay authenticated for a longer period of time.
In the following example, we’ll demonstrate authenticating a user with the Login API.
"password": "setec astronomy",
"description": "Mary’s iPhone"
Authorization Request with device to receive a Refresh Token
Authentication Response with Access Token (JWT) and Refresh Token (scroll from right to left to see all the code)
In the above example response, note that two tokens were returned on the login response: a JSON Web Token (JWT) and a Refresh Token.
The JWT is a long string that is composed of three discrete values: the header, payload and signature. Each value is separated by a dot. The Refresh Token is simply a generated token that is unique and remembered by Passport to identify this user and associate them to this device.
This Refresh Token can be used until it has expired or it has been revoked by Passport. A Refresh Token is used to request another Access Token – in this case a JWT.
The Refresh Token itself provides no ability to authorize the user to services, but only to request another Access Token which can in turn be used to request access to secured resources.
In Passport, requesting a new Access Token with a Refresh Token in hand is easy.
JWT Refresh Request
JWT Refresh Response (scroll from right to left to see all the code)
If you like what you see, shoot us a note and let us know how we can help. Also take a look at our API documentation
and available client libraries
; if you don’t see the client library you’re looking for let us know, we’d be happy to build it for you.