Permalink: https://doc.oneportal.fi/x/M4IW
This discussion is meant to help new developers get started with using onePortal™ in external applications that expose their own protected APIs. The general term for such an application is a Resource Server, or RS for short.
Current state, group-to-role mapping
In addition to being an OpenID Provider, or OP for short, onePortal™ has its own integrated Resource Server, RS. Things are a little different in that case, but not much. The image below should clarify the arrangement in the case of an external Resource Server.
...
All this applies whether the external application is implemented as a stateless clustered microservice or as a more traditional monolithic application. It also does not matter where the external application's database resides. The application may not even have a separate database at all and may use only the Cloud DB in onePortal™.
Future custom scopes
We are adding the possibility to define custom scopes. Those scopes are basically just strings. onePortal™ neither cares about nor understands the meaning of those scopes. External applications may use those scopes for fine-grained permission management.
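As an added illustration (not code from the onePortal™ documentation), the sketch below shows how an external Resource Server could enforce custom scopes as opaque strings with a deny-by-default route table. It assumes the already-validated access token carries the granted scopes in a space-delimited `scope` claim, as is the OAuth 2.0 convention; the scope names, routes and function names are hypothetical.

```python
# Added example: scope enforcement in an external Resource Server.
# Assumptions (not from the onePortal documentation): the validated access
# token exposes granted scopes in a space-delimited "scope" claim (the
# OAuth 2.0 convention), and the scope names and routes are hypothetical.

# Hypothetical route table: (HTTP method, path) -> scopes that are ALL required.
REQUIRED_SCOPES = {
    ("GET", "/invoices"): {"invoices:read"},
    ("POST", "/invoices"): {"invoices:read", "invoices:write"},
    ("DELETE", "/invoices"): {"invoices:admin"},
}


def granted_scopes(claims):
    """Return the set of scope strings from already-verified token claims."""
    raw = claims.get("scope", "")
    if isinstance(raw, str):
        return set(raw.split())           # space-delimited form
    if isinstance(raw, (list, tuple)):
        return {s for s in raw if isinstance(s, str) and s}
    return set()                          # unexpected type: grant nothing


def is_authorized(method, path, claims):
    """Deny by default; scopes are compared as exact, case-sensitive strings."""
    required = REQUIRED_SCOPES.get((method.upper(), path))
    if required is None:
        return False                      # unmapped route: no implicit access
    return required <= granted_scopes(claims)


if __name__ == "__main__":
    # Constructed sample claims, as they would look after signature, issuer,
    # audience and expiry checks have already passed.
    claims = {"sub": "user-123", "scope": "openid invoices:read"}
    for method, path in [("GET", "/invoices"), ("POST", "/invoices"),
                         ("GET", "/reports")]:
        verdict = "allow" if is_authorized(method, path, claims) else "deny"
        print(method, path, "->", verdict)
```

Because the scopes are compared as whole strings, a scope such as `invoices:read-only` does not satisfy a requirement for `invoices:read`, and a route missing from the table is refused rather than left open.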
...