Pin-Based Authentication

A PIN is a confidential numeric password used to authenticate a user to a server. With PIN-based authentication, the user enters a PIN into your application. Typically, the SmartVault web server presents the PIN to the user, who either types it in manually or copies and pastes it into your application. Your application can then exchange the PIN for a delegation token.

This authentication technique involves three actors: the user, the application running on a web server, and the server provider. The application is the one trying to access the user’s private data. The user is the one who wants to use the application and allow it to have access to his or her private data. And last but not least, the server provider is where the user has his or her private data stored.

The following diagram demonstrates the PIN-based authentication process:

[Diagram: Pin-based Auth]

 

Once you have created a developer account, register a Client ID to identify your application and authorize it to perform PIN-based authentication. When a user wants to use your application, request a PIN from SmartVault. Rather than giving you the PIN directly, SmartVault provides an authorization URI where the user can view it. Redirect the user to this URI, where he or she will be shown the PIN. The user then enters the PIN into your application, thereby authorizing it. Once you have the PIN, you can request a delegation token that lets you impersonate the user. Subsequent calls are made by impersonating the user with basic authentication: the user's email address is the username and the token is the password.
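The exchange described above, walked through end to end as an added example; it is not SmartVault's code or API. `MockProvider`, the `provider.example` URI, the 8-digit PIN length and the single-use PIN rule are assumptions made for the simulation.

```python
import base64, hmac, secrets

class MockProvider:
    """Constructed stand-in for the server provider; not SmartVault's real API."""
    def __init__(self):
        self.pins = {}    # request id -> (client_id, email, pin)
        self.tokens = {}  # email -> delegation token

    def request_pin(self, client_id, email):
        # Step 1: the app asks for a PIN and gets back only a URI, never the PIN.
        req = secrets.token_urlsafe(8)
        self.pins[req] = (client_id, email, f"{secrets.randbelow(10**8):08d}")
        return f"https://provider.example/authorize/{req}"  # hypothetical URI

    def show_pin(self, uri):
        # Step 2: the user opens the URI in a browser and reads the PIN.
        return self.pins[uri.rsplit("/", 1)[1]][2]

    def exchange_pin(self, client_id, email, pin):
        # Step 3: the app trades the PIN for a delegation token.
        for req, (cid, mail, expected) in list(self.pins.items()):
            if cid == client_id and mail == email and hmac.compare_digest(expected, pin):
                del self.pins[req]  # assumption: a PIN can be exchanged only once
                self.tokens[email] = secrets.token_urlsafe(24)
                return self.tokens[email]
        raise PermissionError("PIN rejected")

    def api_call(self, authorization):
        # Step 4: later calls use Basic auth, email as username, token as password.
        scheme, _, blob = authorization.partition(" ")
        email, _, token = base64.b64decode(blob).decode().partition(":")
        expected = self.tokens.get(email, "")
        return scheme == "Basic" and bool(expected) and hmac.compare_digest(expected, token)

def normalize_pin(raw):
    # Pasted PINs often carry spaces or a trailing newline; accept ASCII digits only.
    pin = "".join(raw.split())
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("PIN must be numeric")
    return pin

def basic_header(email, token):
    return "Basic " + base64.b64encode(f"{email}:{token}".encode()).decode()

def run_flow(provider, client_id, email):
    uri = provider.request_pin(client_id, email)
    pin = normalize_pin(f" {provider.show_pin(uri)}\n")  # user pastes what the URI shows
    token = provider.exchange_pin(client_id, email, pin)
    return provider.api_call(basic_header(email, token))
```

The delegation token travels only base64-encoded in the `Authorization` header, so it needs the same handling as a password: TLS on every call and no logging of the header.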

 
 
 

Suggested Tutorial:

Pin-Based Authentication
 
 
