...
Client Application: The application that wants to access a protected resource.

Authorisation Server: The server that authenticates the client and issues access tokens (e.g. the DualShield Authentication Server).

Resource Server: The API or service the client wants to access using the access token (also the DualShield Authentication Server).

Access Token: A credential issued by the authorisation server that the client uses to access protected resources. Typically a JWT (JSON Web Token) consisting of a client ID and Client Secret, an authorisation bearer header.

Proxy Server: An intermediary between a client and another server.
...
Once the authorisation server has validated this request, it sends an access token back to the client. The access token contains the authorisation bearer header.

The client now sends an API call (request) to the proxy gateway. The API call contains the access token with the bearer header.

The proxy server validates the access token and forwards the request to the resource server (in this case the DualShield backend is also the resource server).

The resource server responds with the requested resource.
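
The proxy's validation step described above, as an added example that is not DualShield's own code. The page does not state how the token is signed, so this sketch assumes an HS256-signed JWT with `sub` and `exp` claims and a constructed shared key; `issue_token` and `proxy_check` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed value; assumed to be shared with the authorisation server

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_token(client_id, ttl=300, now=None):
    """Authorisation-server side: mint an HS256 JWT (constructed sample input)."""
    now = int(time.time()) if now is None else now
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": client_id, "exp": now + ttl}).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def proxy_check(authorization_header, now=None):
    """Proxy side: return (forward, reason); forward only a valid, unexpired token."""
    now = int(time.time()) if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False, "missing bearer token"
    parts = token.strip().split(".")
    if len(parts) != 3:
        return False, "malformed token"
    try:
        header = json.loads(b64d(parts[0]))
        claims = json.loads(b64d(parts[1]))
        sig = b64d(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "malformed token"
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    expected = hmac.new(KEY, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False, "bad signature"
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or exp <= now:
        return False, "expired or missing exp"
    return True, "ok"

if __name__ == "__main__":
    demo = issue_token("client-app")
    print(proxy_check("Bearer " + demo))
```
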