Authentication

IBM Video Streaming uses OAuth 2.0 for authentication and authorization. Learn about the supported authorization flows and how to authorize users.

Authorization flows

The OAuth 2.0 protocol provides several workflows for authorizing a user and obtaining an access token. Which flow is most suitable depends on the type and architecture of the client. The following workflows are supported:

  • Authorization Code: The Authorization Code flow is best suited for applications that have a server-side component. In this flow the client receives an authorization code which can be exchanged for an access token on the server side. This way the access token is not exposed to the browser.
  • Client Credentials: Best choice for users developing server-side applications to manage their content or settings.

Authorization Code flow

  1. The user enters credentials into a secure login webpage.
  2. After logging in, the browser is redirected to a special URL (defined by the client), passing an authorization code in the URL.
  3. The third-party server obtains the access token with another HTTP request in the background, using the authorization code.

See the OAuth 2.0 Authorization Framework (https://tools.ietf.org/html/rfc6749) for details.

Client Credentials flow

Client credentials can be generated on the Video Streaming dashboard. The client obtains an access token using the client_id and client_secret. With this token the user's server-side application can access the resources of the account without user interaction.

Authorizing the user

| Property | Value |
|---|---|
| Location | https://authentication.video.ibm.com/authorize |
| Supported HTTP methods | GET, POST |
| Supported flows | Authorization Code |

The authorization endpoint is a secure web page that authenticates the user. The client should show this page to the user in an embedded browser. When the user completes the login process the browser is redirected to a special URL. The client can capture this redirect call and obtain an authorization code.

The authorization endpoint supports the following parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| response_type | string | Yes | The type of the response. Use "code" for Authorization Code flow. |
| client_id | string | Yes | The client identifier obtained during registration. |
| redirect_uri | string | Yes | The URI where the browser will redirect after authorization. This must match one of the redirect URIs registered for the client. |
| state | string | No | An opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. |
| scope | string | No | A space-delimited list of scopes that identify the resources that your application could access on the user's behalf. |
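
The following is an added example, not IBM's own code: it builds the authorization request from the parameters listed above and validates the redirect before accepting the authorization code. Although state is optional, the sketch always sends an unguessable value and rejects any callback that does not echo it, which keeps a forged redirect from injecting someone else's code. The client_id, redirect URI and scope names used with it are constructed placeholders, and the "error" query parameter is the one defined by RFC 6749.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Authorization endpoint as documented on this page.
AUTHORIZE_URL = "https://authentication.video.ibm.com/authorize"


def build_authorize_url(client_id, redirect_uri, scopes=None):
    """Return (url, state). Keep state in the user's session until the callback."""
    state = secrets.token_urlsafe(32)  # unguessable and unique per request
    params = {
        "response_type": "code",       # Authorization Code flow
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must be one of the registered URIs
        "state": state,
    }
    if scopes:
        params["scope"] = " ".join(scopes)  # space-delimited list
    return AUTHORIZE_URL + "?" + urlencode(params), state


def handle_callback(callback_url, redirect_uri, expected_state):
    """Return the authorization code, or raise ValueError if the redirect is not trustworthy."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    query = parse_qs(got.query)
    # Check state first: nothing else in the response is trusted until it matches.
    states = query.get("state", [])
    if len(states) != 1 or not hmac.compare_digest(
        states[0].encode(), expected_state.encode()
    ):
        raise ValueError("state missing or mismatched; discard the response")
    if "error" in query:  # error response defined by RFC 6749
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]
```

The returned code is then exchanged for an access token on the server side, as described in step 3 of the Authorization Code flow, and the stored state should be deleted after a single use.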