| Div | ||
|---|---|---|
| ||
Contents
|
...
- OAuth v1.0 Authentication as defined in the OAuth 1.0 protocol
- OpenID Connect as described at OpenID Connect and including the core spec and optional features such as the RP-Initiated-Logout but not Discovery, dynamic registration, and other optional features. See Abiquo OpenID Connect Integration.
- SAML 2.0. See SAML Integration
- Basic HTTP Authentication as defined by RFC 2617
- Under basic auth, Abiquo supports two-factor authentication for added security
...
Abiquo has chosen to implement OAuth 1 because it is more secure and interoperable than OAuth 2. See https://hueniverse.com/oauth-2-0-and-the-road-to-hell-8eec45921529
...
| Code Block |
|---|
Authorization: Bearer <the access token> |
And you can use the Refresh token as necessary.
See Abiquo OpenID Connect Integration
SAML
When you use SAML 2.0 you can disable basic authentication, but you can still use OAuth or a session token to access the API as before. See SAML Integration.
Basic HTTP Authentication
...
Response Headers: Content-Length, Content-Type, Date, X-Abiquo-Token.
Response Message Body: N/A.
Response Status: 200, 401, 403.
Example Response: Response of the authenticated GET over a Datacenters resource
...