Single-Page JavaScript App

This topic describes the OAuth 2.0 implicit grant type supported by Pivotal Single Sign‑On. The implicit grant type is for apps with a client secret that is not guaranteed to be confidential.

OAuth 2.0 Roles

  • Resource Owner: A person or system capable of granting access to a protected resource.
  • Application: A client that makes protected requests using the authorization of the resource owner.
  • Authorization Server: The SPivotal Single Sign‑On server that issues access tokens to client apps after successfully authenticating the resource owner.
  • Resource Server: The server that hosts protected resources and accepts and responds to protected resource requests using access tokens. apps access the server through APIs.

Implicit Flow

Oauth implicit

  1. Access Application: The user accesses the app and triggers authentication and authorization.
  2. Authentication and Request Authorization: The app prompts the user for their username and password. The first time the user goes through this flow for the app, the user sees an approval page. On this page, the user can choose permissions to authorize the app to access resources on their behalf.
  3. Authentication and Grant Authorization: The authorization server receives the authentication and authorization grant.
  4. Issue Access Token: The authorization server validates the authorization code and returns an access token with the redirect URL.
  5. Request Resource w/ Access Token in: The app attempts to access the resource from the resource server by presenting the access token in the URL.
  6. Return Resource: If the access token is valid, the resource server returns the resources that the user authorized the app to receive.

The resource server runs in Pivotal Platform under a given space and org. Developers set the permissions for the resource server API endpoints. To do this, they create resources that correspond to API endpoints secured by Pivotal Single Sign‑On. apps can then access these resources on behalf of users.