API Security
Puzzel’s API security is based on OpenID Connect, an identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
OpenID Connect allows clients of all types, including Web-based, mobile and JavaScript clients, to request and receive information about authenticated sessions and end-users.
See http://openid.net/connect/faq/ for a set of answers to Frequently Asked Questions about OpenID Connect.
| Name | Description |
|---|---|
| Lines | Green dotted line: server. Blue dotted line: platform. Circle: process |
| Global config file | Global configuration file that contains (encrypted) private key |
| Agent | Agent client and other clients using the auth service to get an access token |
| Auth0 | 3rd party service we use for SSO. Agent is redirected here for SSO authentication |
| Audiocodes | Audiocodes is the phone switch that uses the auth service to check the access token for users accessing the softphone |
| IQ PROD | Database containing all users, their configuration and credentials. Also contains refresh tokens. Maps external users to a user ID |
| DF1 | Log on with credentials or a refresh token to receive an access token. Only supports HTTPS |
| DF2 | Retrieve access token on request. Only supports HTTPS |
| DF3 | Get user data and refresh token |
| DF4 | Log on a user, get configuration data for a user |
| DF5 | Send softphone address of user |
| DF6 | Ask Introspection Response Endpoint with an access token to get softphone address of user |
| DF7 | Get user claims based on an auth token |
| DF8 | Send user claims |
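
The check a caller on the DF6 flow would apply to an introspection response, as an added example that is not Puzzel's own code. It follows the `active` and `exp` members defined in RFC 7662 and fails closed. The field name `softphone_address`, the helper names and the sample responses are assumptions, since the page does not describe the response format.

```python
"""Added example: fail-closed handling of a token introspection response (RFC 7662)."""
import time
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical field name; the page does not say how the softphone address is returned.
SOFTPHONE_FIELD = "softphone_address"


class IntrospectionError(Exception):
    """Raised whenever the token must be treated as invalid."""


def require_https(endpoint: str) -> str:
    """Refuse to send a token anywhere but an https URL (the page's https-only rule)."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.hostname:
        raise IntrospectionError("endpoint must be an https URL")
    return endpoint


def softphone_from_introspection(response: dict, now: Optional[float] = None) -> str:
    """Return the softphone address only if the response proves the token is live."""
    now = time.time() if now is None else now
    # RFC 7662: "active" is the one required member; anything but boolean True is a reject.
    if response.get("active") is not True:
        raise IntrospectionError("token is not active")
    exp = response.get("exp")
    # "exp" is optional, but when present it must be a numeric timestamp in the future.
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
            raise IntrospectionError("token is expired or exp is malformed")
    address = response.get(SOFTPHONE_FIELD)
    if not isinstance(address, str) or not address.strip():
        raise IntrospectionError("no softphone address in response")
    return address.strip()


# Constructed sample responses, not captured from any real service.
SAMPLE_ACTIVE = {"active": True, "exp": 2_000_000_000, "sub": "user-1",
                 SOFTPHONE_FIELD: "sip:user-1@example.invalid"}
SAMPLE_REVOKED = {"active": False}
# A string "true" is not the boolean True and must not be accepted.
SAMPLE_STRING_ACTIVE = {"active": "true", SOFTPHONE_FIELD: "sip:x@example.invalid"}
```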