Technology

Identity Management

Passport is our Identity Management system and is used for authentication. We use Identity Server 4 for Identity Management:
http://docs.identityserver.io/

While MView is used for all our normal identity management administration, we also provide Skoruba as an alternative administrative front end for Passport:
https://github.com/skoruba/IdentityServer4.Admin

Skoruba can carry out some specialist Identity Server 4 administration tasks which, while not normally required, can occasionally be of assistance.

Passport implements OpenID authentication. With OpenID, once you are authenticated, you are issued a token. That token can then be used to access any of the Motionite services for which you are authorised. In effect, we have single sign-on.

API users also use Passport but follow a different flow. Passport supports all the standard flows provided by the OpenID Connect standard.

We implement a “zero trust architecture”, which means that all services subscribe to the same token infrastructure, even for internal-to-internal calls.

There is considerable information about OpenID on the internet and many components and libraries to assist with this.
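As an added example (not Motionite's own code), this is how an internal ASP.NET Core service could enforce the zero-trust rule above with the standard JWT bearer middleware, so that every request, including one from another internal service, must carry a valid Passport-issued token. The authority URL, the audience `orders-api`, the scope `orders.read` and the `/orders` endpoint are placeholders; a .NET 6+ web project with implicit usings and the `Microsoft.AspNetCore.Authentication.JwtBearer` package is assumed.

```csharp
// Added example: internal service that accepts only Passport-issued tokens.
// Placeholders (assumptions): authority URL, audience, scope and endpoint names.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signing keys come from the token service's OpenID Connect discovery document.
        options.Authority = "https://passport.example.internal"; // placeholder
        options.Audience = "orders-api";                          // placeholder
        options.RequireHttpsMetadata = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,           // token must come from Passport
            ValidateAudience = true,         // token must be meant for this service
            ValidateLifetime = true,         // expired tokens are rejected
            ValidateIssuerSigningKey = true,
            ClockSkew = TimeSpan.FromSeconds(30)
        };
    });

builder.Services.AddAuthorization(options =>
{
    // Any endpoint without an explicit policy still requires a valid token,
    // so internal callers get no implicit trust from network location.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();

    // Scopes may arrive as one claim per scope or as one space-delimited claim.
    options.AddPolicy("OrdersRead", policy =>
        policy.RequireAssertion(ctx =>
            ctx.User.FindAll("scope")
               .SelectMany(c => c.Value.Split(' '))
               .Contains("orders.read")));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/orders", () => Results.Ok(new[] { "constructed-sample-order" }))
   .RequireAuthorization("OrdersRead");

app.Run();
```

A request without a token receives 401, and a valid token lacking the required scope receives 403, regardless of where on the network the caller sits.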

There are 3 main services in our system related to Passport:

  1. Token Service
    This service is part of Passport Front End and issues tokens.
  2. Admin Service
    This provides the Skoruba front-end administration user interface and is also part of Passport Front End.
  3. REST API Services
    This API provides other internal components with access to Passport. It is the back-end Passport component.