Authorizing to Faspex
Faspex requires your application to use OAuth 2 to authorize access to protected Faspex resources.
OAuth 2 overview
Faspex protected resources require you to provide a bearer token in the Authorization header of a request. For example:
"Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoyLCJleHAiOjE1OTYwMzY3NzV9.068OqoSZoTLYYMpEjYf5poK0hxVEYpktaAYx7hBKP9I"
To retrieve a token, you must implement one of the supported OAuth 2 methods. Each method uses a workflow that at its core has these steps:
- Your client application authorizes to a registered OAuth 2 client (configured based on the authorization method) through the Faspex authentication component.
- Your user is redirected to the Faspex UI login page and securely submits the credentials to log in. On performing this step, the user authorizes your client application to access the Faspex API on your user's behalf.
- Faspex provides your client application with a bearer token.
- Your client application uses the bearer token to request access to protected endpoints on the Faspex resource server.
- The Faspex authorization component confirms the validity of the bearer token and returns the requested resource.
The client application (your web client) does not submit the credentials to the Faspex authentication component. The Faspex UI login page securely submits the credentials for authentication to Faspex.
OAuth 2 methods
Before your application can authorize to Faspex using OAuth 2, you must first register an API client for your application. Faspex supports these OAuth 2 methods:
- OAuth 2 with SAML
  - Web applications requiring users to authenticate through a configured SAML identity provider (SAML IdP).
- OAuth 2 PKCE (Proof Key for Code Exchange)
  - Web and mobile applications requiring users to enter credentials into a user login page, which then authenticates to the Faspex server.
  Note: The Faspex UI acts as an OAuth 2 client to authenticate to the Faspex API server. The Faspex UI is a pre-registered OAuth 2 client.
- OAuth 2 JWT (JSON Web Token Grant)
  - Non-web applications that do not require access to user-protected endpoints, such as an application that monitors background jobs.
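The client-side pieces of the PKCE flow and of bearer-token use described above, as an added example that is not part of the Faspex documentation or SDK: it derives a code_verifier/code_challenge pair per RFC 7636 (S256), builds the Authorization header shown earlier, and reads the exp claim of the sample token so a client can refresh before the resource server rejects it. The Faspex endpoints themselves are not shown because the text does not name them; the token below is the one quoted above, decoded without signature verification, which remains the server's job.

```python
import base64
import hashlib
import json
import secrets
import time
from typing import Optional, Tuple

# Sample token copied from the header example in the text above; only its
# payload is inspected here. The signature is validated by Faspex, not here.
SAMPLE_TOKEN = ("eyJhbGciOiJIUzI1NiJ9."
                "eyJ1c2VyX2lkIjoyLCJleHAiOjE1OTYwMzY3NzV9."
                "068OqoSZoTLYYMpEjYf5poK0hxVEYpktaAYx7hBKP9I")


def b64url_nopad(data: bytes) -> str:
    """base64url without '=' padding, as RFC 7636 and JWT require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier: Optional[str] = None) -> Tuple[str, str]:
    """Return (code_verifier, code_challenge) for the S256 method.
    The verifier stays on the client and is sent only with the token
    request; the authorization request carries just the challenge, so an
    intercepted authorization code cannot be redeemed by a third party."""
    if verifier is None:
        verifier = b64url_nopad(secrets.token_bytes(32))  # 43 URL-safe chars
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, b64url_nopad(digest)


def bearer_header(token: str) -> dict:
    """Authorization header in the form the Faspex resource server expects."""
    return {"Authorization": "Bearer " + token}


def jwt_claims(token: str) -> dict:
    """Decode the payload segment (unverified) to inspect claims such as exp."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_is_expired(token: str, now: Optional[float] = None) -> bool:
    """True once the exp claim has passed; refresh rather than wait for a 401."""
    now = time.time() if now is None else now
    return jwt_claims(token).get("exp", 0) <= now
```

The first assertion in practice is the RFC 7636 Appendix B test vector, which is a quick way to confirm a PKCE implementation before pointing it at a real authorization server.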