AuthService¶

../_images/authservice.png

IIIF Authentication Service configuration. The services configured here are exposed by the DLCS on IIIF Image API endpoints, so that a viewer that supports the IIIF Auth specification can interact with them to acquire a cookie that will gain access to the images. The DLCS enforces access control on a customer’s behalf (this is essential for performance when many hundreds of image tiles are requested). This means it is the DLCS that implements the IIIF auth flow on your behalf. In one special case, ‘clickthrough’, you can configure an auth service in the DLCS that needs no runtime interation with your own systems. However, for more complex scenarios, the DLCS will need to direct the user to your (customer) servers during the auth flow, so that they can authenticate against your system. The DLCS then needs to query your system to acquire that user’s roles, and thereby determine what level of service it can offer the user for a given protected image. See RoleProvider for information. The fields of AuthService give you control over how the service will be presented in a viewer that implements the IIF auth flow.

/customers/{customer}/authServices/{authServiceId}

Supported operations¶

Method	Label	Expects	Returns	Statuses
GET	Retrieve an Auth Service		vocab:AuthService	200 OK, 404 Not found
PUT	Create or replace an Auth Service	vocab:AuthService	vocab:AuthService	200 OK, 201 Created Auth Service, 404 Not found
DELETE	Delete the Auth Service		owl:Nothing	200 OK, 404 Not found

Supported properties¶

name¶

Name of service

domain	range	readonly	writeonly
vocab:AuthService	xsd:string	False	False

profile¶

IIIF profile (what level of compliance). You will not usually set this.

domain	range	readonly	writeonly
vocab:AuthService	xsd:string	False	False

label¶

Label that appears in IIIF model. This should be used by the viewer to present the service to the user.

domain	range	readonly	writeonly
vocab:AuthService	xsd:string	False	False

description¶

Description that appears in IIIF model. This might be used by the viewer to present the service to the user.

domain	range	readonly	writeonly
vocab:AuthService	xsd:string	False	False

pageLabel¶

Label that appears on pages generated by DLCS. If the user needs to see an interstitial page provided by the DLCS, this is the heading of the page. An example might be ‘you are about to be redirected to the single sign on system of institution X’

domain	range	readonly	writeonly
vocab:AuthService	xsd:string	False	False

pageDescription¶

Description that appears on pages generated by DLCS. As with the label above, used by the DLCS to generate pages to present to a user during the flow.

domain	range	readonly	writeonly
vocab:AuthService	xsd:string	False	False

callToAction¶

Label of button used on pages generated by DLCS (or clickthrough)

domain	range	readonly	writeonly
vocab:AuthService	xsd:string	False	False

timeToLive¶

How long a cookie session and bearer token are valid for (seconds)

domain	range	readonly	writeonly
vocab:AuthService	xsd:nonNegativeInteger	False	False

childAuthService (🔗)¶

Child auth services of a parent (relationship between login and token,logout)

domain	range	readonly	writeonly
vocab:AuthService	hydra:Collection	True	False

/customers/{customer}/authServices/{childAuthServiceId}

Method	Label	Expects	Returns	Statuses
GET	Retrieves all Nested Auth Service		hydra:Collection	200 OK
POST	Creates a new Nested Auth Service	vocab:AuthService	vocab:AuthService	201 Nested Auth Service created., 400 Bad Request

roleProvider (🔗)¶

External service that can be used by the DLCS to acquire roles for user sessions. See RoleProvider.

domain	range	readonly	writeonly
vocab:AuthService	vocab:RoleProvider	True	False

/customers/{customer}/authServices/{authServiceId}/roleProvider

Method	Label	Expects	Returns	Statuses
GET	Retrieve a Role Provider		vocab:Role	200 OK, 404 Not found