Glossary

access_token

Ephemeral authorization_code (JWT) transmitted by the Provider. It secures User requests and represents the Authorization given to an Application to access User data.

Application

It is an online service (e.g. internet website, application) that uses the Provider Authentication and Authorization service for its User.

Authentication

Process handled by the Provider that verifies the credentials to validate a User Identity.

Authorization

Process handled by the Provider that verifies the credentials to validate the permissions to access data.

authorization_code

A one-time code (JWT) transmitted by the Provider to the Application when a User signs in, intended to be exchanged against an access_token to complete the Authentication flow.

basic_authentication_scheme

This is the recommended method of authenticating an Application when making a request to the /token endpoint. This method requires that you add an Authorization header computed as follows: Basic Base64(client_id + ":" + client_secret).

client_id / client_secret

A unique pair of credentials that authenticates the Application from which the User attempts to sign in.

code_challenge

The value generated after transforming the code_verifier using the transformation method specified in code_challenge_method, e.g. BASE64(SHA256(code_verifier)).

code_challenge_method

The method used to encode the code_verifier to generate the code_challenge. We currently support "S256".

code_verifier

A high-entropy cryptographic random string used as a secret to verify that the authorization request and the exchange of the authorization_code for a token originate from the same user, without interception.
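Added example (not part of the Connect documentation): how an Application derives a code_challenge from a code_verifier with S256, and the comparison a Provider would perform at the token exchange. It follows RFC 7636, where the Base64 step is URL-safe Base64 without padding; the function names are hypothetical, and that Connect performs the check exactly this way is an assumption.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """URL-safe Base64 without '=' padding, as RFC 7636 specifies for S256."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """32 random bytes give a 43-character verifier (RFC 7636 allows 43-128)."""
    return b64url(secrets.token_bytes(n_bytes))


def make_code_challenge(code_verifier: str, method: str = "S256") -> str:
    """Transform the verifier; only S256 is accepted, as in the glossary entry."""
    if method != "S256":
        raise ValueError("unsupported code_challenge_method: " + method)
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def verify_exchange(stored_challenge: str, presented_verifier: str) -> bool:
    """Provider-side check (assumed): recompute the challenge from the verifier
    sent to /token and compare it in constant time with the stored challenge."""
    try:
        expected = make_code_challenge(presented_verifier)
    except UnicodeEncodeError:
        return False  # a verifier must be ASCII; anything else cannot match
    return hmac.compare_digest(expected.encode(), stored_challenge.encode())


if __name__ == "__main__":
    verifier = make_code_verifier()            # kept secret by the Application
    challenge = make_code_challenge(verifier)  # sent with the authorization request
    print("code_challenge:", challenge)
    # The same verifier passes; a different one (an intercepted
    # authorization_code replayed by another party) is rejected.
    print("same verifier:", verify_exchange(challenge, verifier))
    print("other verifier:", verify_exchange(challenge, make_code_verifier()))
```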

Connect

Connect refers to the Fewlines User Authentication and Authorization Software as a Service implementing the OAuth 2.0 protocol.

exchange_token

A secured code (JWT) obtained by exchanging a valid access_token. It enables an Application to be trusted by another Application, so it can request access to User's data (with her or his consent).

Application A can request from the Provider a token that Application B can trust, so that Application B can safely respond to API calls emitted by Application A.

ID Token

JWT format code that can be requested by an Application to add more scopes when its User signs in.

JWS (JSON Web Signature)

Content secured with digital signatures or Message Authentication Codes.

JWT (JSON Web Token)

JSON-based access_token secured by a JWS. The tokens are signed by one party’s private key (usually the server’s), so that both parties (that are also in possession of the corresponding public key) are able to verify that the token is legitimate.

OAuth 2.0

Authorization framework that enables a third-party Application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party Application to obtain access on its own behalf.

Provider

It refers to a legal person acting in its business, industrial, commercial or professional capacity, that is using Fewlines Connect to provide a User Authentication and Authorization as a Service to Applications. The Provider is either the Client of Fewlines and/or a company member of the Client Subsidiaries.

redirect_uri

Link which contains the authorization_code and redirects to the original Application website after a successful login on Connect.

refresh_token

Secured code used to refresh an expired access_token (it also refreshes itself on each use).

resource_owner_password_credentials

The Resource Owner Password Credentials refers to the end user’s username and password. Connect supports a user’s validated email as the username.

scope

It represents the kind of information and actions that an Application is able to access on another Application. Every scope has to be authorized by the User during the sign-in operation.

subject_token

Secured code that guarantees the identity of the User when requesting access to scopes.

User

The owner of the online personal account (also referred to as the Resource Owner), whose personal data is accessible through this account.

User Data

Any personal User Data collected and processed in the context of their online personal account.
