Rate this page

Learning Tools

Before you begin writing a custom auth UI, we recommend that you spend some time familiarizing yourself with the API and its interaction patterns by doing some hands-on exploration.

Default Auth UI

The Data Governance Broker ships with a default auth UI that is tightly integrated with the example starter schema configuration. This UI, a single-page AngularJS application written in TypeScript, is quite suitable for real-world production use.

You can learn much about the Auth API and its proper use by simply using the default auth UI while following the Broker’s logs. We recommend using a log configuration such as the following; it will create a log at that records detailed information about the server’s authorization and authentication processing, while also omitting noise from unrelated messages.

dsconfig create-log-publisher \
  --publisher-name "Authentication Trace Logger" \
  --type file-based-trace \
  --set enabled:true \
  --set debug-message-type:authenticator-request-and-response \
  --set debug-message-type:external-identity-provider-request-and-response \
  --set debug-message-type:http-full-request-and-response \
  --set debug-message-type:server-sdk-extension \
  --set oauth-message-type:authz-request \
  --set oauth-message-type:code-consumed \
  --set oauth-message-type:code-granted \
  --set oauth-message-type:consent-deleted \
  --set oauth-message-type:consent-denied \
  --set oauth-message-type:consent-permitted \
  --set oauth-message-type:consent-requested \
  --set oauth-message-type:exception \
  --set oauth-message-type:id-token-granted \
  --set oauth-message-type:token-granted \
  --set oauth-message-type:token-revoked \
  --set oauth-message-type:token-validation \
  --set authentication-message-type:account-flow \
  --set authentication-message-type:authentication-chain-processing \
  --set authentication-message-type:login \
  --set authentication-message-type:logout \
  --set authentication-message-type:second-factor \
  --set 'exclude-path-pattern:/**/*.css' \
  --set 'exclude-path-pattern:/**/*.eot' \
  --set 'exclude-path-pattern:/**/*.gif' \
  --set 'exclude-path-pattern:/**/*.ico' \
  --set 'exclude-path-pattern:/**/*.jpg' \
  --set 'exclude-path-pattern:/**/*.js' \
  --set 'exclude-path-pattern:/**/*.png' \
  --set 'exclude-path-pattern:/**/*.svg' \
  --set 'exclude-path-pattern:/**/*.ttf' \
  --set 'exclude-path-pattern:/**/*.woff' \
  --set 'exclude-path-pattern:/**/*.woff2' \
  --set 'exclude-path-pattern:/console/**/template/**' \
  --set exclude-path-pattern:/status \
  --set log-file:logs/authn-trace \
  --set "rotation-policy:24 Hours Time Limit Rotation Policy" \
  --set "rotation-policy:Size Limit Rotation Policy" \
  --set "retention-policy:File Count Retention Policy" \
  --set "retention-policy:Free Disk Space Retention Policy"

Auth Explorer

We also provide a tool for learning the Auth API while interactively sending and receiving raw authentication requests, the Auth Explorer. You are encouraged to use this tool while following along with this reference documentation.

Using the Login flow with the Auth Explorer