API Security

Puzzel’s API security is based on OpenID Connect, OpenID Connect is a identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST -like manner.

OpenID Connect allows clients of all types, including Web-based, mobile and JavaScripts clients, to request and receive information about authenticated sessions and end-users.

See http://openid.net/connect/faq/ for a set of answers to Frequently Asked Questions about OpenID Connect.

Name Description
Lines Green dotted line: server. Blue dotted line: platform. Circle, process
Global config file Global configuration file that contains (encrypted) private key
Agent Agent client and other clients iusing the auth service to get accesstoken
Auth0 3rd party service we use for SSO. Agent is redirected here for SSO authentication      
Audiocodes Audiocodes is the phone switch that uses the auth service to check accesstoken for users accessing softphone
IQ PROD Database containing all users, their configuration and credentials. Also contains refreshtokens. Map external users towards a user id
DF1 Logon on with credentials or refreshtoken to receive accestoken. Only support https
DF2 Retrive accestoken on request. Only support https
DF3 Get user data and refresh token
DF4 logon a user, get configuration data for a user
DF5 Send softphone adress of user
DF6 Ask Introspection Response Endpoint with an accesstoken to get softphone adress of user
DF7 Get user claims based on an auth token 
DF8 Send user claims

Published

Last updated

7
-2