Authentication

All guides & resources to help you develop with BOSA Core Authentication

Overview

BOSA Core Authentication is a multi-tenant authentication solution. It provides client management, user authentication and token handling: JWT (JSON Web Tokens) carry the authenticated session, and user secrets (passwords) are hashed with Argon2 before storage.

BOSA Core Authentication's Component Diagram

Core Features

  1. Client Management

    • Client creation and API key generation

    • Client-specific user isolation

  2. User Management

    • User registration and authentication

    • Secure secret management using Argon2

    • User verification services

  3. Token Management

    • JWT token generation and verification

    • Token expiration handling

    • Token revocation capabilities

  4. Multi-tenancy Support

    • Complete data isolation between clients

    • Client-specific user management

    • Independent authentication flows per client

    • Client-scoped token validation

    • Custom security configurations per organization

Core Process

1. Client Creation

The authentication flow begins with Client creation using a Master Key:

  1. Client Creation: A system administrator uses a Master Key to create a new Client

  2. Client API Key: The system generates a unique API Key for the Client

  3. Client Storage: Client information is securely stored in the database

2. User Management

Once a Client is established, it can manage its Users:

  1. User Creation: A Client creates Users with unique identifiers

  2. User Secret: The system generates or accepts a secret (password) for each User

  3. Secret Hashing: User secrets are hashed using Argon2 before storage

  4. User Storage: User information is securely stored in the database
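The two procedures above (Client creation gated by the Master Key, then per-Client User creation with hashed secrets) as one runnable example. This is added illustration code, not BOSA Core's own implementation: the AuthStore class, the Master Key value and the tenant and user names are constructed for the example, and hashlib.scrypt from the standard library stands in for Argon2 so the block runs without the argon2-cffi package (in production, use argon2.PasswordHasher). It also makes two details explicit that the steps imply but do not spell out: only a hash of the API Key is stored, and a username is unique within a Client rather than globally.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed for this example; a real deployment loads the Master Key from a
# secret store and never hard-codes it.
MASTER_KEY = "example-master-key-do-not-use"

# The page specifies Argon2. hashlib.scrypt (standard library) is used here as a
# stand-in so the example runs without argon2-cffi; swap in argon2.PasswordHasher
# for production. n=2**14, r=8 costs about 16 MiB per hash.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Memory-hard hash of a user secret with a per-user salt."""
    return hashlib.scrypt(secret.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def hash_api_key(api_key: str) -> str:
    """API keys are 256-bit random strings, so a plain SHA-256 is enough for
    storage; the plaintext key is shown once and never written to the store."""
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


@dataclass
class User:
    client_id: str
    username: str
    salt: bytes
    secret_hash: bytes


@dataclass
class Client:
    client_id: str
    api_key_hash: str
    users: Dict[str, User] = field(default_factory=dict)  # per-client namespace


class AuthStore:
    """In-memory stand-in for the database; each Client row owns its Users."""

    def __init__(self, master_key: str):
        self._master_key = master_key
        self._clients: Dict[str, Client] = {}       # client_id -> Client
        self._by_api_key_hash: Dict[str, str] = {}  # api_key_hash -> client_id

    # --- 1. Client creation: requires the Master Key ---
    def create_client(self, master_key: str, client_id: str) -> str:
        if not hmac.compare_digest(master_key.encode(), self._master_key.encode()):
            raise PermissionError("invalid master key")
        if client_id in self._clients:
            raise ValueError(f"client {client_id!r} already exists")
        api_key = secrets.token_urlsafe(32)  # 256 bits of entropy
        digest = hash_api_key(api_key)
        self._clients[client_id] = Client(client_id, digest)
        self._by_api_key_hash[digest] = client_id
        return api_key  # returned exactly once; only the hash is stored

    def _client_for(self, api_key: str) -> Client:
        client_id = self._by_api_key_hash.get(hash_api_key(api_key))
        if client_id is None:
            raise PermissionError("unknown API key")
        return self._clients[client_id]

    # --- 2. User management: every call is scoped to the calling Client ---
    def create_user(self, api_key: str, username: str, secret: Optional[str] = None) -> str:
        client = self._client_for(api_key)
        if username in client.users:
            raise ValueError(f"user {username!r} already exists for client {client.client_id!r}")
        if secret is None:
            secret = secrets.token_urlsafe(24)  # system-generated secret
        salt = secrets.token_bytes(16)
        client.users[username] = User(client.client_id, username, salt, hash_secret(secret, salt))
        return secret

    def verify_user(self, api_key: str, username: str, secret: str) -> bool:
        client = self._client_for(api_key)
        user = client.users.get(username)
        if user is None:
            # Do the same work as a real check so an unknown username is not
            # distinguishable from a wrong password by response time.
            hash_secret(secret, b"\x00" * 16)
            return False
        return hmac.compare_digest(user.secret_hash, hash_secret(secret, user.salt))
```

Two points are worth noting. The plaintext API Key exists only in the return value of create_client, so a database compromise yields hashes rather than usable keys. And because Users live under their Client, the same username can exist in two tenants as two unrelated accounts, and a Client's API Key can never verify another Client's User.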

3. Token Management

Authentication is performed through token issuance and verification:

  1. Token Creation: Upon successful authentication, the system generates JWT tokens

  2. Token Verification: These tokens are verified for subsequent requests

  3. Token Expiration: Tokens expire after a configurable period (default: 43,200 minutes or 30 days)

  4. Token Revocation: Tokens can be revoked by the system if needed
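Token issuance, verification and revocation as a stand-alone example, added here and not BOSA Core's own code. It signs HS256 JWTs with the standard library rather than a JWT package so it runs anywhere; the TokenService class, the signing key and the client_id and jti claim names are assumptions for illustration. It demonstrates the client-scoped validation listed under Multi-tenancy Support, the 43,200-minute default expiry, and revocation through a denylist of token ids.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

DEFAULT_TTL_MINUTES = 43_200  # 30 days, the default stated above


class TokenError(Exception):
    pass


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


class TokenService:
    def __init__(self, signing_key: bytes, ttl_minutes: int = DEFAULT_TTL_MINUTES):
        self._key = signing_key
        self._ttl = ttl_minutes * 60
        self._revoked_jti = set()  # denylist; share it across instances in a real deployment

    # --- 1. Token creation ---
    def issue(self, client_id: str, user_id: str, now: Optional[int] = None) -> str:
        now = int(time.time()) if now is None else now
        header = {"alg": "HS256", "typ": "JWT"}
        payload = {
            "sub": user_id,
            "client_id": client_id,         # binds the token to one tenant
            "iat": now,
            "exp": now + self._ttl,         # 3. expiry
            "jti": secrets.token_hex(16),   # unique id, so the token can be revoked
        }
        signing_input = b64url_encode(compact_json(header)) + "." + b64url_encode(compact_json(payload))
        sig = hmac.new(self._key, signing_input.encode("ascii"), hashlib.sha256).digest()
        return signing_input + "." + b64url_encode(sig)

    def _decode_signed(self, token: str) -> dict:
        """Structure, algorithm and signature checks only; no expiry or tenant checks."""
        parts = token.split(".")
        if len(parts) != 3:
            raise TokenError("malformed token")
        h, p, s = parts
        try:
            header = json.loads(b64url_decode(h))
            sig = b64url_decode(s)
        except (ValueError, TypeError):
            raise TokenError("malformed token") from None
        # The server decides the algorithm; the header's alg is only compared,
        # never trusted. This rejects alg=none and key-confusion tokens outright.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise TokenError("unexpected alg")
        expected = hmac.new(self._key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            raise TokenError("bad signature")
        return json.loads(b64url_decode(p))

    # --- 2. Token verification, scoped to the client making the request ---
    def verify(self, token: str, expected_client_id: str, now: Optional[int] = None) -> dict:
        now = int(time.time()) if now is None else now
        payload = self._decode_signed(token)
        if payload.get("exp", 0) <= now:
            raise TokenError("expired")
        if payload.get("client_id") != expected_client_id:
            raise TokenError("token was issued for another client")
        if payload.get("jti") in self._revoked_jti:
            raise TokenError("revoked")
        return payload

    # --- 4. Token revocation ---
    def revoke(self, token: str) -> None:
        # Only genuinely issued tokens reach the denylist, so unsigned garbage
        # cannot be used to flood it. Expired tokens may still be added; harmless.
        self._revoked_jti.add(self._decode_signed(token)["jti"])
```

The checks run in a fixed order (signature, expiry, client, revocation) so that nothing derived from an unverified token influences state, and the verifier fixes the algorithm server-side instead of reading it from the header. In a multi-instance deployment the denylist has to live in shared storage (a database table or cache) and entries can be dropped once their exp has passed, which bounds its size to the token lifetime.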

4. Third-Party Integrations

Users can extend their authentication to third-party systems:

  1. Integration Creation: Users can create integrations with third-party connectors

  2. Auth String Storage: The system securely stores authentication credentials for these integrations

  3. Scoped Access: Each integration can be granted specific scopes of access
