Skip to content

Home

Jump to bottom
Greg Bowler edited this page May 12, 2023 · 8 revisions

The Authwave Provider is the hosted service that provides the end user authentication service, including the auth user interface, user account storage and secure communication between provider and application. The provider can be hosted on the internet, or self hosted as part of your application architecture.

The consumer application describes the software that is being developed that requires authentication to be provided by Authwave - this application will consume the data provided by the provider.

The client is the software library provided by Authwave that your consumer application will depend on to make the connection between consumer and provider.

User authentication flow

The "flow" is what's referred to when describing the steps taken by the user or the provider in producing a slick, usable and accessible user authentication process.

In short, this consists of the following points:

  1. User performs "login" action within client application, such as clicking a login button on a page that requires authentication.
  2. Server-side code redirects user's browser to Authwave provider for that application.
  3. All authentication is handled within Authwave Provider including forgotten passwords and account creation.
  4. Authwave Provider redirects back to client application.
  5. Client application's server-side code has access to "User" object to store wherever most suitable for the application.

A more detailed breakdown of all the above steps is available in the end-to-end authentication flow section.

Client libraries

Authwave aims to be as accessible as possible to end-users and developers alike. The following client applications are officially supported:

Implementing a client library

It's possible to interact with Authwave provider directly with cURL, but it's easier to integrate with an abstraction library. The steps required to build a client library of your own are documented in the building a client library section.

Contributing

If you wish to develop Authwave you can clone the source code, run the tests and add new features as described in the contributing to Authwave section.

Security

OWASP have provided an excellent cheat sheet on the topic of authentication, amongst many other articles on different information security concepts: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html

This guide will be referenced to throughout the documentation.

If you discover any security vulnerabilities, please report them to security@authwave.com

Clone this wiki locally