Data Authentication
Overview
Users of the platform can link data from external sources, such as websites or external servers, into their workspaces or blogs.
For data that needs to be secured such that access is granted on an individual user basis, the davinci platform
provides an authentication mechanism using access tokens.
Tokens
Your tokens are the list of values that are passed in any web data call. Whenever an app or a blog makes a call to
a data source, it will use your list of tokens to pass information to that data site. This allows the site
to understand who is requesting the data.
Tokens have five pieces of information:
- URL: the web address of the data. Whenever a call is made to this URL, or to any URL for which
this URL is the first portion, the token is judged to have been matched to the data URL
- Key: a piece of text that is passed to the URL when the data call is made
- Value: a piece of text that is passed to the URL when the data call is made
- Requires Permission: if permission is set, then whenever a call is made to this URL, the user is
required to accept.
Both the key and the value are sent to the URL whenever a data request is made. You can associate multiple tokens
with any URL.
Whenever you visit a blog created by another user, the blog may make a data request in order to display the blog
correctly. When it does so, it will match your tokens to the data URL and pass any tokens you have along to the
site. This makes it possible for a blog to use secure data that requires a user name and password.
For security reasons, if you set requires permission, you will be prompted whenever the site wishes to contact a URL for which you have associated tokens.
You will be asked if you wish to let the blog use your tokens, and the URL will be shown to you. You can allow or deny
the blog's use of your tokens. When you grant permission, you can grant permission to all calls
by clicking the "accept all" button. This means you will not be prompted again.
For more information about davinci security, please see security.
Header Tokens
Header tokens are included in the HTTP header instead of the POST. However, there are only two allowed
keys here.
- Basic Authentication: if there is a token where the key is "username" and another token
where the key is "password", this is translated to "Basic "+value,
where the value is btoa(headerParams.username + ":" + headerParams.password)
- If the token key is "token", then this is translated
to "Authorization" and the value is "Bearer "+value.
All other header tokens will be ignored. (That is, if the key is not either "username" or "token", it is ignored.)
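The URL matching rule from the Tokens section and the header translation above, sketched as an added example (this is not davinci's own code). The function names, the token object shape with its `header` flag, the sample hosts, the use of the Authorization header for the Basic value, and the choice to prefer Basic when both kinds of header token match are all assumptions.

```javascript
// Constructed sample tokens; "header: true" marks a header token (assumed field name).
const sampleTokens = [
  { url: "https://data.example.test/api/", key: "username", value: "alice", header: true },
  { url: "https://data.example.test/api/", key: "password", value: "s3cret", header: true },
  { url: "https://data.example.test/api/", key: "dataset", value: "q3", header: false },
  { url: "https://files.example.test/", key: "token", value: "abc123", header: true },
  { url: "https://files.example.test/", key: "x-debug", value: "1", header: true },
];

// A token matches when its URL is the first portion of the requested URL.
function matchTokens(tokens, requestUrl) {
  return tokens.filter((t) => requestUrl.startsWith(t.url));
}

// btoa as named on the page, with a Buffer fallback for runtimes that lack it.
function toBase64(s) {
  return typeof btoa === "function" ? btoa(s) : Buffer.from(s, "latin1").toString("base64");
}

// Split the matched tokens into POST parameters and HTTP headers.
function buildRequestParts(tokens, requestUrl) {
  const post = {};
  const headerParams = {};
  for (const t of matchTokens(tokens, requestUrl)) {
    (t.header ? headerParams : post)[t.key] = t.value;
  }
  const headers = {};
  if ("username" in headerParams && "password" in headerParams) {
    // Assumption: the Basic value is sent in the Authorization header (standard HTTP Basic).
    headers.Authorization =
      "Basic " + toBase64(headerParams.username + ":" + headerParams.password);
  } else if ("token" in headerParams) {
    headers.Authorization = "Bearer " + headerParams.token;
  }
  // Any other header key (here "x-debug") is ignored and never sent.
  return { post, headers };
}

console.log(buildRequestParts(sampleTokens, "https://data.example.test/api/rows?id=1"));
console.log(buildRequestParts(sampleTokens, "https://files.example.test/report.csv"));
```

With first-portion matching as sketched here, a token URL that ends in a slash or a path cannot match a different host name that merely begins with the same characters, so scope token URLs as narrowly as the data source allows.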
Token Prompts
For some authorizations, you want the page to prompt you. You can add a token with the prompt checkbox checked. This means
that the token will function as the tokens above (either a post token or header token), but you will be prompted for the value.
That is, you will be displayed a dialog window where each key is listed and you will be prompted for the value.
Sending Tokens and Token Requests
Users may wish to send a token to another user. For example, you may be hosting a dataset on a webserver and wish to grant
access to another user. Enter the token information, but click the send button when complete. You will be prompted for
the user you wish to send the token to. You must be a contact of the user you are sending the token to in order for them to receive
the token.
The token will enter a waiting queue for the user to accept. When a user has tokens waiting to be accepted, a link will
appear underneath the send and add buttons for "token requests". Open the token requests dialog by clicking the link.
For each token sent to you, you can either accept or reject the token. If you accept the token, it will be added to your
list of tokens.
NOTE: you will not be able to view the value associated with the token. This provides a layer of security so that you cannot
share the token with other users.