+++ /dev/null
----
-layout: default
-navsection: api
-navmenu: Concepts
-title: Authentication
-navorder: 2
-...
-
-h1. Authentication
-
-Every API request (except the authentication API itself) includes an @access_token@ parameter.
-
-table(table table-bordered table-condensed).
-|Name|Type|Description|
-|access_token|string|Access token returned by OAuth 2.0 authorization procedure|
-
-Many resources contain "actor" attributes like @modified_by@. An @access_token@ uniquely identifies a client (application or project) and an end-user.
-
-table(table table-bordered table-condensed).
-|Name|Type|Description|
-|modified_by_client_uuid|string|ID of API client|
-|modified_by_user_uuid|string|ID of authenticated user|
-
-h2. Authorizing a client application
-
-The Arvados API uses the "OAuth 2.0 protocol":http://tools.ietf.org/html/draft-ietf-oauth-v2-22 for authentication and authorization.
-
-h3. Register your client application
-
-Before an application can run on an Arvados cloud, it needs to be registered with the cloud.
-
-That registration yields a @client_id@ and a @client_secret@.
-
-h3. Obtain an access code
-
-A client obtains an access code by means of a standard Oauth 2.0 flow. The access code is granted to it by an authorized user. The client requests one or more scopes, which translate to a set of requested permissions (reading, writing, etc). Unless the access is to be short-lived, a refresh token is also granted to the application.
-
-h3. Refresh the access code (optional)
-
-Access codes have a limited lifetime. A refresh token allows an application to request a new access token.
projects / arvados.git / blobdiff