What is the relationship between security check in scope element in mfp?


Good day,

In my adapter, I have configured a securityCheckDefinition as follows:

<securityCheckDefinition name="UserAuthentication" class="com.mobile.authentication.UserAuthentication">
    <property name="maxAttempts" defaultValue="3" description="How many attempts are allowed"/>
</securityCheckDefinition>

In my mfp console application, under the Security tab, I have configured a scope called push.mobileclient.


And in my front-end code, I call the mfp login method as follows to "authenticate" my client with mfp:

WLAuthorizationManager.login('UserAuthentication', authObj)

I saw my .handleSuccess() being triggered, which means the "authentication" part is successful. (Please correct me if I am wrong.)

After .handleSuccess(), I call the mfp obtainAccessToken() method to check whether my client has already successfully "authenticated" with mfp or not; the code is as follows:

WLAuthorizationManager.obtainAccessToken('push.mobileclient').then(
    function (accessToken) {
        WL.Logger.debug("obtainAccessToken onSuccess");
        console.log("obtainAccessToken onSuccess");
        console.log(accessToken);
    },
    function (response) {
        WL.Logger.debug("obtainAccessToken onFailure: " + JSON.stringify(response));
        console.log("obtainAccessToken onFailure: " + JSON.stringify(response));
    });

And the answer is yes, I get "obtainAccessToken onSuccess".

My question is: I call WLAuthorizationManager.login('UserAuthentication', authObj) to "register/authenticate" with mfp, but when I want to check whether it succeeded or not, I use WLAuthorizationManager.obtainAccessToken('push.mobileclient'). One is UserAuthentication and the other is push.mobileclient, two different things, so how does WLAuthorizationManager.obtainAccessToken('push.mobileclient') know that my client has already "registered/authenticated" successfully?

There is 1 answer below

When you fire WLAuthorizationManager.login(SecurityCheckName, authObj) you are authenticating a user with MobileFirst Server. You are creating an AuthenticatedUser object and setting an AuthenticationContext. This process creates the authentication state that is retained in the server and sends the response to the client. At the client, the response enters the handleSuccess() method in the ChallengeHandler class, and this completes the authentication flow.

Later, when you call WLAuthorizationManager.obtainAccessToken(scopename) you are requesting MobileFirst Authorization Server to issue an OAuth Token for scope <scopename>. In your case, "push.mobileclient".

If the scope is defined in MobileFirst Administration Console, but not mapped to a securitycheck (UserAuthentication in your case), MobileFirst Server issues an OAuth token for scope <scopeName>.

How did MobileFirst server know that client was already registered or authenticated?

MobileFirst server persists the registration and authentication state for the client. Even without a login to a custom securitycheck, MobileFirst server applies a default level of security and maintains an authentication state. When the client logs into a custom securitycheck, MobileFirst server updates the authentication state with this information. This way, the authentication state is maintained with all the information until it expires or the client logs out.

However, in the MobileFirst console, if the scope were mapped to a security check (e.g. UserAuthentication), then MobileFirst server first checks whether you have already logged into UserAuthentication (the login you did first) and the authentication context is still valid (not expired). If so, MobileFirst Server continues to issue an OAuth token with <scopeName>. If not, MobileFirst Server first challenges you to authenticate. This challenge will arrive at the handleChallenge() method of your ChallengeHandler class. Once the challenge-response completes successfully and the flow enters handleSuccess(), MobileFirst Server will issue the OAuth token with scope <scopeName>.
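To make the two branches of that answer concrete, here is an added model (not MobileFirst code, and not from the answer's author) of the server-side decision behind obtainAccessToken(scope): an unmapped scope gets a token on the default security level, a mapped scope gets a token only while the client's login to the mapped security check is still valid, otherwise a challenge. The scope 'user.restricted', the function names, and the token format are constructed for illustration; only 'push.mobileclient' and UserAuthentication come from the question.

```javascript
// Constructed model of the MFP scope -> security check mapping configured in the
// console Security tab. An empty list means the scope is defined but not mapped,
// so only the default security level applies (the questioner's push.mobileclient).
const scopeMappings = {
  'push.mobileclient': [],                   // defined, not mapped to any check
  'user.restricted': ['UserAuthentication'], // constructed: mapped to the custom check
};

// Per-client authentication state persisted by the server: which security checks
// the client has passed and when each of those logins expires.
function createAuthState() {
  return { checks: {} };
}

// Records what a successful login(securityCheckName, authObj) leaves on the server.
function recordLogin(state, checkName, now, ttlMs) {
  state.checks[checkName] = { expiresAt: now + ttlMs };
}

// True while the client's authentication context for this check has not expired.
function isCheckValid(state, checkName, now) {
  const entry = state.checks[checkName];
  return entry !== undefined && entry.expiresAt > now;
}

// Decision for obtainAccessToken(scope): issue a token, or challenge the client
// for the first mapped security check whose login is missing or expired.
function obtainAccessToken(state, scope, now) {
  const required = scopeMappings[scope];
  if (required === undefined) {
    return { status: 'error', reason: 'scope not defined in console' };
  }
  for (const check of required) {
    if (!isCheckValid(state, check, now)) {
      // Client-side this surfaces in ChallengeHandler.handleChallenge().
      return { status: 'challenge', securityCheck: check };
    }
  }
  return { status: 'token', scope: scope, token: constructedToken(scope, now) };
}

// Constructed opaque placeholder; real MFP access tokens are signed values.
function constructedToken(scope, now) {
  return 'token:' + scope + ':' + now;
}

// Logout clears the retained authentication state, so mapped scopes challenge again.
function logout(state) {
  state.checks = {};
}
```

Running the same sequence the question describes (login, then obtainAccessToken('push.mobileclient')) yields a token even with no login recorded, because that scope is unmapped; the constructed 'user.restricted' scope shows the mapped behaviour.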