Security provider - Authorization server
The Authorization Server security provider allows Vinyl to operate as both an OAuth 2.0 and OpenID Connect (OIDC) authorization server. OIDC clients can use the Authorization Server to authenticate users. Access tokens issued by the Authorization Server can be used to access Vinyl-hosted REST, Webhook and Vinyl Connector APIs.
Configuration
Vinyl ships with an Authorization Server security provider. The security provider is disabled by default. To enable the Authorization Server, start by signing into Vinyl as an administrator:
- Click the IDE link.
- Click the Security Providers button.
- In the User Authentication panel, locate the Authorization Server and click the Details icon (Chevron).
- Click the Edit button.
- Check the Enabled option.
- Click the Save button.
To use the authorization server to authenticate users and access protected resources, you will need to register one or more client applications. See the Client authentication document for detailed instructions on how to register client applications.
Certificates
The Authorization Server security provider requires two certificates, one for encryption and one for signing. These certificates are automatically generated when Vinyl first starts. No additional configuration is required.
Purpose | Type | Format | Description |
---|---|---|---|
Encryption | X.509 Certificate | PKCS#12 (PFX), base64-encoded | X.509 certificate used to encrypt access and refresh tokens. |
Signing | X.509 Certificate | PKCS#12 (PFX), base64-encoded | X.509 certificate used to sign identity tokens. |
Properties
The Authorization Server supports the following additional parameters. Default values are supplied for both parameters. No additional configuration is required.
Parameter | Default | Example | Description |
---|---|---|---|
CertificateKeySize | 2048 | 4096 | Certificate key size in bits. |
CertificateLifetime | 3650 | 730 | Certificate lifetime in days. |
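To check a certificate against the key size and lifetime described above, the following added example (not part of Vinyl or its documentation) audits a base64-encoded PKCS#12 file with the openssl CLI. It assumes the encoded value has been saved to a file and its password is known; all function names are hypothetical.

```shell
#!/usr/bin/env bash
# Audit a base64-encoded PKCS#12 (PFX) certificate for key size and remaining
# lifetime. Needs the openssl CLI and GNU base64. Function names are hypothetical.

# pfx_cert_pem FILE PASSWORD: print the leaf certificate as PEM (no private key).
pfx_cert_pem() {
  base64 -d "$1" | openssl pkcs12 -nokeys -clcerts -passin "pass:$2" 2>/dev/null |
    openssl x509 2>/dev/null
}

# pfx_key_bits FILE PASSWORD: print the public key size in bits.
pfx_key_bits() {
  pfx_cert_pem "$1" "$2" | openssl x509 -noout -text 2>/dev/null |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# pfx_expires_within FILE PASSWORD DAYS: return 0 if the certificate expires
# within DAYS days, 1 if it does not, 2 if it cannot be read.
pfx_expires_within() {
  local pem
  pem=$(pfx_cert_pem "$1" "$2") || return 2
  ! printf '%s\n' "$pem" | openssl x509 -noout -checkend "$(( $3 * 86400 ))" >/dev/null
}

# pfx_audit FILE PASSWORD MIN_BITS ROTATE_DAYS: print a verdict; non-zero on failure.
pfx_audit() {
  local bits status=0
  bits=$(pfx_key_bits "$1" "$2")
  [ -n "$bits" ] || { echo "ERROR: cannot read certificate"; return 2; }
  if [ "$bits" -lt "$3" ]; then echo "FAIL: key is $bits bits (< $3)"; status=1; fi
  if pfx_expires_within "$1" "$2" "$4"; then
    echo "FAIL: expires within $4 days"; status=1
  fi
  [ "$status" -eq 0 ] && echo "OK: $bits-bit key, valid for more than $4 days"
  return "$status"
}

# make_sample_pfx FILE PASSWORD BITS DAYS: write a constructed self-signed sample
# in the same format (test data only, not a Vinyl-generated certificate).
make_sample_pfx() {
  local d; d=$(mktemp -d)
  openssl req -x509 -newkey "rsa:$3" -nodes -days "$4" -subj "/CN=constructed-sample" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
      -passout "pass:$2" | base64 > "$1"
  rm -rf "$d"
}
```

After sourcing the file, `pfx_audit signing.b64 "$PFX_PASSWORD" 2048 30` reports whether the certificate in `signing.b64` (a placeholder file name) has at least a 2048-bit key and more than 30 days left. If the file uses older PKCS#12 encryption algorithms, OpenSSL 3 may need the `-legacy` option on the `pkcs12` command.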