From DreamFactory

    1. Overview

DreamFactory provides extensive authentication and authorization features. Single sign-on, per-application user roles, and role-service access are all carefully implemented to provide a secure, robust, and scalable platform for authenticating users and controlling their access to all services and resources.

DreamFactory separates administrators from other users. Every DreamFactory instance must have at least one administrator configured at installation. Administrators can log in, use the admin console, and perform API calls; they do not have roles and are not required to use API keys for access. Non-administrators are generally the users of the applications running on a DreamFactory instance. Each application has a unique API key, and all non-administrator users are required to use an API key to access the system. Roles are assigned to a user on a per-application basis, which allows a single user to hold different roles across different applications in the system. Each application can also have a default role assigned. If no role is assigned to a user for an application, access is controlled by the default application role.
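The access decision described above can be modelled as a small resolver. This is an added illustration, not DreamFactory's own code: the class names, `resolve_access`, and the sample keys and roles are hypothetical, and denying a request when neither a user role nor a default role exists is an assumption the page does not state.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class App:
    name: str
    default_role: Optional[str] = None  # optional application-level fallback role


@dataclass
class User:
    name: str
    is_admin: bool = False
    # Roles are assigned per application: app name -> role name.
    app_roles: dict = field(default_factory=dict)


# Constructed sample data: each application has its own unique API key.
APPS_BY_KEY = {
    "key-crm": App("crm", default_role="crm-readonly"),
    "key-billing": App("billing"),  # no default role configured
}


def resolve_access(user, api_key=None):
    """Return (allowed, role, reason) for a request by `user` with `api_key`."""
    if user.is_admin:
        # Administrators have no roles and are not required to send an API key.
        return (True, None, "administrator")
    if api_key is None:
        return (False, None, "API key required for non-administrators")
    app = APPS_BY_KEY.get(api_key)
    if app is None:
        return (False, None, "unknown API key")
    role = user.app_roles.get(app.name)
    if role is not None:
        return (True, role, "user role for application")
    if app.default_role is not None:
        # No per-user role for this app: fall back to the app's default role.
        return (True, app.default_role, "default application role")
    # Assumption: with no user role and no default role, the request is denied.
    return (False, None, "no role for this application")
```

The same user can resolve to different roles depending on which application's key accompanies the request, which is why a leaked API key alone determines the application context but not the privileges granted.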

DreamFactory supports standard username/password authentication, and it can also be provisioned to use most common OAuth providers as well as LDAP and Active Directory.

    1. Authentication
      1. JSON Web Token (JWT)
      1. Standard Username/Password based Authentication
      1. OAuth
      1. AD/LDAP
    1. Authorization
      1. API Key
      1. Role Service Access
        1. Advanced Filters
        1. Lookups