Skip to main content

Delegated Authorization

Overview

Delegated Auth is a way for the authentication headers to be captured and returned in an encrypted text. This text can then be used to authenticate future requests. The primary use case is for VC UI. This allows for a request to be made through salesforce through the Named Credential to generate this encrypted text. This text can then be passed into the VC UI to act as an authentication token for future requests without having to go through salesforce for each request.

Setup

Delegated auth is available on API Proxies who have ApiProxies__x__DelegatedAuthEnabled=true and on Proxies who have Proxies__x__DelegatedAuthEnabled=true in the app settings.

Usage

After being enabled, a new endpoint /auth-payload will be available on the Api Proxy path. Calling this endpoint will return JSON that includes the encrypted auth payload as well as the expiration time. The encrypted auth can then be used in future requests by populating the x-enosix-authorization header in place of other authentication. For Proxies, new query param link-function=auth-payload is added that included encrypted auth token. The encrypted auth response matches that of the Api Proxy.

SAP client

If sap-client is provided when calling the /auth-payload endpoint, the SAP client value will be included in the encrypted payload. An encrypted payload with the SAP client baked in will require that value to be included in future calls that use the delegated auth header. If the caller does not provide the matching client, they will get a 403 response.