...

Starting with v0.7, Giles has a two-part authentication mechanism. First, it requires applications to send an app token (generated by Giles for a specific app) and the token of an identity provider to authenticate a user. Giles then generates a shorter-lived authentication token specifically for Giles that can be used to call Giles' REST API on behalf of a user.

To register an application with Giles:

...

Warning

Never share Giles access tokens and keep them safe. Anyone with an access token can use the Giles API on your app's behalf.


OpenId

To authenticate users via an OpenId Connect token, an application must, in addition to the steps described above, also register its client id. To do this, go to Giles' system config page and add the client id (not the secret!) that your OpenId provider (currently Google) generated for your application to the list of registered client ids. If you try to authenticate a user with an OpenId token of an unregistered application, Giles will respond with:

...

With the returned Giles authentication token, you can now use Giles' REST API.

Warning

Keep in mind that API tokens are user-specific and are used for authorization. This means that you need to request an API token for each of your users. API tokens contain information about a user and are used to assign uploads to the correct user.

Expired Giles Tokens

When sending an expired Giles token, the following response is returned:

...