Overview

Sagrada applications use a shared model for service discovery, authentication/authorization, and request signing.

This is a basic shell, and we'll expand on it soon.

Developer docs

• For client developers
• For service developers

Components of the model

Service Discovery

The client flow starts with discovery of available services, and any relevant links/metadata about the instance. This is a fairly basic JSON format, used to direct clients to the authentication endpoint for a given service.

A description of the service and API is available.

Token Server

Authenticating to individual services requires obtaining a token for that service. This is effectively a POST request to a service-specific URL with a BrowserID assertion, and returns a service endpoint, and the required keys/tokens to access that endpoint.

More details on the token server.

Service Access

All requests to end services are authenticated using MAC Auth. The client and service developer docs linked above detail how to make and validate these requests.