Before deploying in production your B2STAGE HTTP-API server you should evaluate which mechanisms suites your use case for authentication.
There are two main available options:
- a local authentication based on the accounts registered in the B2SAFE connected server
- a global EUDAT authentication relying on the B2ACCESS service
B2ACCESS is the service that holds the official/global EUDAT authentication across the whole international infrastructure.
Your application must be registered as a client for the B2ACCESS OAUTH protocol. If you don't have such registration you can proceed with the following steps:
- Go to the B2ACCESS server instance you need to refer. There are three instances available at the moment of writing you can choose:
- The official production instance
- The integration instance
- Finally the development instance
- Click on the
register a new account
link on the website - Choose the
Oauth 2.0 Client Registration Form
- As
OAuth client return URL
indicatehttps://YOUR_SERVER/auth/authorize
- Once you receive your credentials you have to apply them in the project_configuration.yaml dedicated variables (with the
B2ACCESS_
prefix).
Once you start the B2STAGE server with the two variables B2ACCESS_ACCOUNT
and B2ACCESS_SECRET
set, the related endpoints will be activated (you may double-check this inside your /api/specs
JSON content).
Please read also how the authentication works for a user here
Warning: there is an ongoing issue between B2SAFE
and B2ACCESS
on their trust of chain based on X509
certificates. Only the development instance of B2ACCESS is known to work correctly at the time of writing.
For more informations please ask in the dedicated chat channel.
B2SAFE offers through its iRODS
server a local management of users which is not related to the EUDAT centralized accounting.
Once you start the B2STAGE server without setting the two variables B2ACCESS_ACCOUNT
and B2ACCESS_SECRET
(which is the default
as for the current open issues), the related endpoints will be activated (you may double-check this inside your /api/specs
JSON content).
Please read also how the authentication works for a user here.