You are reading the documentation for an outdated Corteza release. 2024.9 is the latest stable Corteza release.

Authentication

The /src/plugins/auth.ts plugin handles the OAuth2 authentication logic.

The plugin is responsible for:

  • identifying the authentication server,

  • obtaining the authentication token,

  • refreshing the authentication token.

Plugin registration

The authentication plugin is registered as follows:
import { plugins } from '@cortezaproject/corteza-vue'
// ... other imports ...


// ... other plugin registrations ...

Vue.use(plugins.Auth(), { app: 'compose' })

// ... other plugin registrations ...

Authentication server identification

You can define the authentication server either explicitly or implicitly.

The server is defined explicitly when the window.CortezaAuth parameter is provided. This is normally provided in the public/config.js file.

The server is defined implicitly when the window.CortezaAuth parameter is not provided. When the window.CortezaAuth parameter is not provided, the window.CortezaAPI parameter is used. This is normally provided in the public/config.js file.

The authentication server determination is as follows:

  • CortezaAPI endpoint is explicitly set and ends with /api; the /api suffix is replaced with /auth and implicitly used as CortezaAuth.

  • CortezaAPI endpoint is explicitly set and does not end with /api; the /auth suffix is appended to the CortezaAPI value and implicitly used as CortezaAuth.

Table 1. Configuration examples:
Description CortezaAPI CortezaAuth

Setting both endpoints explicitly

window.CortezaAPI = 'your-corteza-instance.tld'

window.CortezaAuth = 'your-corteza-instance.tld/auth'

Setting CortezaAPI only

window.CortezaAPI = 'your-corteza-instance.tld/custom'

window.CortezaAuth = 'your-corteza-instance.tld/custom/auth'

Setting CortezaAPI with auto set

window.CortezaAPI = 'your-corteza-instance.tld/api'

window.CortezaAuth = 'your-corteza-instance.tld/auth'