Page History
...
Starting an authenticated flow with the JWT authentication provider enabled works differently. We will discuss both authentication flows when using the JWT authentication provider and without.
JWT authentication provider
Starting a flow with the JWT authentication provider is different, instead of directly loading the Development Dashboard on the Runtime we will load is through the Gateway Service.
All request flow through the Gateway, the Gateway is responsible for managing and storing the User Authentication. In the Diagram you can see that the Runtime still validates the authentication but in this scenario is it not responsible for display or doing anything with the authentication flow itself. For this reason the Runtime now is dependent on the Gateway to send a form of authentication along with the Proxy Request.
Other authentication providers
...
The Authorization responsibility for non JWT authentication providers lies with the Runtime itself. The Runtime is the single point that knows that users are authenticated (with a small exception for OpenID Connect). This has the consequence that every request must first go through the Runtime for it to build an HTTP Session to stores its authentication object.
JWT authentication provider
Starting a flow with the JWT authentication provider is different, instead of directly loading the Development Dashboard on the Runtime we will load is through the Gateway Service.
All request flow through the Gateway, the Gateway is responsible for managing and storing the User Authentication. In the Diagram you can see that the Runtime still validates the authentication but in this scenario is it not responsible for display or doing anything with the authentication flow itself. For this reason the Runtime now is dependent on the Gateway to send a form of authentication along with the Proxy Request.
Overview
Content Tools