Search results for "{{ search.query }}"

No results found for "{{search.query}}". 
View All Results

Open Authentication/Open ID Connector Overview

OAuth2/OpenIDC

Important: The following information is only valid if Xively is your Identity Provider (IDM).

Xively has a standard OAuth2/OpenID provider service for Xively's Identity Management system.
With Xively Open ID you can allow your customer's Xively device or Xively services to communicate with external systems such as Amazon Echo and Google Home.

Example
A Xively customer with a connected thermostat wants their end-users who use the thermostat to be able to activate, set and query it using Amazon Alexa.

How it Authenticates

To authenticate, Xively uses a federated login process.
Xively supports Oauth Authorization code grant.
The authentication steps are not seen by the End-User. The End-User equip the skills or abilities to their device or software and do not see any further interactions. After successful pairing of the client, it is granted jwt based access to an end-user's organization including devices and Xively services.

The Setup Process

  1. Reach out to your Sales Engineer/Account manager with and provide the following information:
    • Xively Account Email address
    Xively AccountID
    • Client name - this is the name of the skill that is going to be shown for your customers on UI
    • The redirect URLs
  2. Your Xively Representative will send you back the necessary information to set up your client.

Xively's standard OpenID config

https://id.xively.com/.well-known/openid-configuration

Type
Details

"issuer":

"authorization_endpoint":

"userinfo_endpoint":

"scopes_supported":

[ "openid", "xively_apis", "offline_access" ],

"claims_supported":

[ "sub", "id", "userId", "accountId", "roles", "expires", "cert" ],

"grant_types_supported":

[ "authorization_code" ],

"response_types_supported":

[ "code" ],

"response_modes_supported":

[ "form_post", "query", "fragment" ],

"token_endpoint_auth_methods_supported":

["client_secret_basic", "client_secret_post"],

"subject_types_supported":

[ "public" ],

"id_token_signing_alg_values_supported":

[ "RS256" ],

"code_challenge_methods_supported":

[ "plain", "S256" ]

The refresh token period is 100 days with sliding window counting from the last login.
The jwt lifetime is 20 minutes.


Open Authentication/Open ID Connector Overview

OAuth2/OpenIDC