Enterprise Integration PatternsConversation Patterns
HOME    PATTERNS    RAMBLINGS    ARTICLES    TALKS    DOWNLOAD    BOOKS    CONTACT

User Grants Access

Conversation Patterns

Previous Previous   Next Next

A participant has identified a provider and is about to initiate a conversation on behalf of a user.

How can a participant engage in a conversation on behalf of a user?

  • Many services are personalized and thus require a user identity to provide the service. A generic application or service needs to pass the user's identity to this service provider.
  • Users should only authenticate directly to a service and not share their credentials, such as user ID and password, with another participant.
  • Services should not store user credentials as it may present a security risk.
  • Prompting a user with every request or session to the service is inconvenient and not possible for background processes that execute without the user's immediate attention.

Have the consumer request an access token from the service provider based on the consumer's identifier and the user authenticating the request to the provider. The consumer subsequently passes this token with the request to the provider.

The User Grants Access conversation involves the following participants:

  • The Consumer
  • The User (or Resource Owner)
  • The Provider

Example: OAuth

IETF RFC5849 specifies the following steps:

  1. The client obtains a set of temporary credentials from the server (in the form of an identifier and shared-secret). The temporary credentials are used to identify the access request throughout the authorization process.
  2. The resource owner authorizes the server to grant the client's access request (identified by the temporary credentials).
  3. The client uses the temporary credentials to request a set of token credentials from the server, which will enable it to access the resource owner's protected resources


Introduction
Overview
Preface
Table of Contents
Introduction
Describing Conversations
Choreography
Orchestration
Hypermedia State
Conversation Vocabulary
Discovery
Dynamic Discovery
Advertise Availability
Consult Directory
Referral
Leader Election
Starting a Conversation
Three-Way Hand Shake
Acquire Token First
Rotate Tokens
Verify Identity
User Grants Access
Basic Conversations
Fire-and-Forget
Asynchronous Request-Response
Request-Response with Retry
Polling
Subscribe-Notify
Quick Acknowledgment
Intermediaries
Proxy
Relay
Load Balancer
Scatter-Gather
Managing Distributed Systems
Heartbeat
Resource Management
Incremental State Build-up
Lease
Renewal Reminder
Ensuring Consistency
Ignore Error
Compensating Action
Tentative Operation
Coordinated Agreement
Appendices
Bibliography