Those who use the Droplit system are authenticated through their accounts, which are created through the developer portal. When a developer portal account is first created, an ecosystem and environment are created with it.
Anyone who has an account must also be registered as a user.
Droplit does not provide user credential management, and is not an identity provider. Developers must deploy their own authentication server, which must use the Droplit system for registration and authentication. This usually requires integrating or developing an identity provider. The server must register users with a key or token that uniquely identifies a user.
In the future, droplit.io will include an option to use third party identity providers for server-less products.
If a user is granted access to an environment, that user can make requests directly to that environment and its child resources.
Tokens are used to access information in the Droplit REST API, and in the Droplit command line console. Each of these tokens can be accessed in different ways, and are used in different contexts.
Only one token should be used in an API call at a time. The documentation for each API call contains the token type required, if any, to call it successfully.
Tokens obtained from the Droplit portal will expire after a certain amount of time has elapsed. If this happens, login again. Select “Keep me logged in” to prevent the token from expiring. The following token types can be obtained from the portal:
When authenticating in the console, the authentication token is stored in a Droplit folder in the home directory for a user: “USER_HOME_DIR/droplit.io/account.json”. This token does not expire.
The following token types can be obtained from the console:
The following token types can be created through the REST API:
- Enter the Droplit portal.
- Click on the account name in the top right corner.
- Select “Manage Account ” from the dropdown menu.
- Go to the “Authorization Info” section.
- Click the “Show” button to display the account ID and account token.
- Login to the Droplit command line console.
- After a correct login, the console will show the authentication token, assigned to the logged in user, for reference.
- The token can also be accessed in the droplit.io settings folder, as described above.
Use the following REST endpoint to create client tokens:
- Go to the Droplit portal.
- Enter the “Server Keys” section on the left side of the screen.
- If the ecosystem already contains one or more servers, skip to step 7.
- Create a server by clicking the “Create a Server” button.
- In the dialog box that appears, enter the required information to create the server.
- Click the “Create Server” button. The server may take some time to create.
- Select a server from the list of servers in the ecosystem.
- Tokens are displayed under the “Tokens” section of server information.
- Go to the Droplit portal.
- Enter the “Users” section on the left side of the screen.
- If the ecosystem already contains one or more users, skip to step 7.
- Create a user by clicking the “Create a User” button.
- In the dialog box that appears, enter the required information to create the user.
- Click the “Create User” button. The user may take some time to create.
- Select a user from the list of users in the ecosystem.
- If the user has environment access permissions, skip to step 12.
- Under “Access” section, click the “New access” button.
- In the dialog box that appears, enter the ID of the environment for which the user should get full access.
- Click the “Create Access” button to create the user access.
- Click the “Generate Token“ button to generate the token.
- The token is displayed in the dialog box that appears.
Droplit supports multiple modes of authentication, which are connected to different interfaces into the system. Each mode of authentication has a unique purpose.
Developer credentials are used in the developer portal and the Droplit command line consoles.
Server credentials communicate between a client's server and the Droplit system. These credentials can be created using the developer portal. Clients have their own set of authorization tokens that can be changed over time without breaking the association to the Droplit system. Server authorization tokens are ecosystem-wide, provide unrestricted access to all ecosystem resources, and must be passed in the “authorization” header with every request. Server authorization tokens should be kept secure, and never embedded in an application where the code base could be accessed. They may be stored in a server, but storing them in a mobile application or in the client side of a web application will compromise the credentials.
User-facing applications must authenticate calls with user access tokens.