Skip to content

Authentication

Jump to bottom
Alvin Lee edited this page Jun 30, 2023 · 3 revisions

The Aquarius SDK supports two modes of token-based authentication: 1) Session Token (i.e., credentials users); and 2) OpenID Connect Access Token (i.e., OpenID Connect, or AQI Identity).

Session Token

An authenticated client is created by passing a server name and credentials to the AquariusClient AquariusClient.createConnectedClient(server, user, password) static method.

try (AquariusClient client = AquariusClient.createConnectedClient("myserver", "myuser", "mypassword")) {
    // Make AQTS public API requests here
}

OpenID Connect Access Token

Access Tokens generated by supported OpenID Connect (OAuth 2.0) authentication providers can be used to authenticate with any Time-Series REST APIs. An authenticated client is created by passing a server name and access token to the IAquariusClient AquariusClient.CreateConnectedClient(server, accessToken) static method.

try (AquariusClient client = AquariusClient.createConnectedClient("myserver", "myaccesstoken")) {
    // Make AQTS public API requests here
}

Aquarius Client

The AquariusClient class implements AutoCloseable, so wrapping it in a try(...) with-resources statement is the preferred method to ensure proper resource handling. The authenticated session will be deleted by a DELETE /session request when the close() method is invoked.

If the supplied credentials or access token are not valid, or are unknown to the AQTS server, the createConnectedClient() method will throw a WebServiceException exception.

Hostname format

The hostname string parameter of the createConnectedClient() method accepts a variety of string formats to specify the AQTS server.

  • Supports http:// and https:// URL schemes. If no URL scheme is specified, http:// is used.
  • Supports dns names, IPv4, or IPv6 addresses.

The above rules mean that the "myserver" and "http://myserver" string values are functionally-equivalent hostname parameters values.

Password encryption

For Session Token-based authentication, the createConnectedClient() method encrypts the password using the AQTS server's public key before POSTing the authentication request. While this will prevent the password from being transmitted in plain text over an HTTP connection, the POST request itself is still vulnerable to a replay-attack.

For OpenID Connect Access Token-based authentication, consider the OAuth Access Tokens as a private secret similar to a user password. When security is important to your deployment, please install a TLS certificate on your AQTS server and use HTTPS connections to secure all the API traffic.

Still have questions? Feel free to raise an issue or contact our Support Team

  1. SDK design philosophy (on the .NET SDK wiki)
  2. AQTS client concepts
    1. Authentication
    2. Standard Request/Response DTO Pattern
    3. Error Handling
    4. Service Models
    5. Helper classes
    6. Version checking
  3. AQTS code examples
    1. Finding the unique ID of a time-series
    2. Creating a time-series
    3. Creating a derived time-series
    4. Appending points to a basic time-series
    5. Appending points to a reflected time-series
    6. Monitoring changes to a time-series
    7. Retrieving all the locations on an AQTS server
    8. Uploading an external report
  4. Troubleshooting tips
    1. Capture your HTTP traffic

Clone this wiki locally