Authentication & Authorization

Authentication and authorization are similar concepts, but distinct security processes in the world of identity and access management. Authentication confirms that users are who they say they are. Authorization gives those users permission to do a thing.

Authentication

Authentication in LiteFarm takes place in one of two ways:

  1. By authenticating via Google SSO (shown in the diagram below)

  2. By providing a username and password whose hash matches the username and password hash stored in the database

Once authenticated, an access token is returned to the user to be stored in their browser.

Authorization

After authenticating, LiteFarm returns an access token to be stored in the user’s browser. The LiteFarm access token must implement the JWT standard. The access token carries the specific information about that user's session in a signed, encoded form. In addition to the fields required by the JWT standard, it contains the following attributes:

  • a unique identifier for the user

  • The full name of the user

  • a unique identifier for the userFarm they’re accessing

  • a unique identifier for the farm they’re accessing

  • a unique identifier for their role at that farm

Using Access Tokens

Once a user has received an access token, that token must accompany every request to a LiteFarm service. Services inspect that token in order to obtain the information relevant to their operations (e.g. user_id or farm_id).

Using this scheme, an API call will resemble the following: