Author: Ignasi Barrera
...
OAuth v1.0 Authentication as defined in the OAuth 1.0 protocol https://tools.ietf.org/html/rfc5849
OpenID Connect as described at https://openid.net/connect/, including the core spec and optional features such as RP-Initiated Logout, but not Discovery, dynamic registration, or other optional features. See Abiquo OpenID Connect integration.
SAML 2.0. See SAML integration
Basic HTTP Authentication as defined by RFC 2617
Under basic auth, Abiquo UI supports two-factor authentication for added security
...
The Abiquo API implements the OAuth 1.0 protocol, so any application that implements it can be used to consume the Abiquo API. The basic authentication workflow for an already registered application, as defined by the protocol, consists of the following steps:
...
Query parameter | Description |
---|---|
oauth_token | Required when authorizing a request token. |
oauth_callback | A callback URL where clients will be redirected after successful authentication |
oauth_verifier | Verifier value used when authorizing a Request Token |
Why OAuth 1?
Abiquo chose to implement OAuth 1 because at the time it was considered more secure and interoperable than OAuth 2.
See https://hueniverse.com/oauth-2-0-and-the-road-to-hell-8eec45921529
...
For an example of an Abiquo authentication flow, please see the following Python and Ruby simple applications: https://gist.github.com/nacx/8581621
...
```
Authorization: Basic base64(<user>:<password>)
```
For example, for (user:user):
Authentication header format
...
Response headers: Content-Length, Content-Type, Date, X-Abiquo-Token.
Response message body: N/A.
Response status: 200, 401, 403.
Example response: Response of the authenticated GET over a Datacenters resource
...