Welcome to Seed Auth API’s documentation!¶
Contents:
Overview¶
Seed Auth was designed to allow one or more applications to be able to delegate authentication and user and permission management to a single, internal service. For the case of multiple applications, this avoids the need for users to authenticate separately for each application.
An application would use Seed Auth as follows:
- Permissions are added to teams of users in Seed Auth, where each permission could be an application-specific permission, or a permission relevant to Seed Auth.
- An authentication token is acquired for a user in Seed Auth.
- When a client sends a request to an application, the application makes a request to Seed Auth using the authentication token given in the client’s request’s
Authorization
header, and is given back the permissions granted to the authenticated user. The user’s permissions are used by the application to determine whether the user has access to the requested resource.
client ------------------> application ----------------> seed-auth-api
GET /things/23 Get /user
Authorization: Token 1234 Authorization: Token 1234
<------------------ <---------------
{id: '23'} {
...
permissions: [{
namespace: 'app:foo',
type: 'thing:read',
object_id: '23'
}]
}