Apps

The Altair IoT Studio platform uses Oauth 2.0, an industry-standard protocol for authentication and authorization of external sources of information trying to access information in the platform. These external sources, like anything, must supply Altair IoT Studio with an access token before being able to communicate.

Apps in Altair IoT Studio help to define the permissions needed to supply Altair IoT Studio to get an access token, and then create them to be used externally. There are two types of apps:
Client Credentials
APIs are a software intermediary that allows two applications to talk to each other. In Altair IoT Studio, a REST API is used to enable communication between the client (person or software who requests information) and the server (the one that provides the client with the requested information) following HTTP protocol. REST APIs use authorization mechanisms to ensure clients request access to data securely. This involves authenticating the sender of a request and confirming that they have permission to perform the requested action.
Client credentials apps are used to access resources inside the IoT platform by generating an access token to use the API.
Authorization Code
Authorization code apps are used to authenticate the users of a web or mobile application that has been built on top of Altair IoT Studio. With this grant type, users can be authenticated without exposing a client secret in the app code. Instead, users can authenticate by entering a username and password in the Altair IoT Studio Identity Management Provider to retrieve an authorization code which can be exchanged for an access token.

Create an App

  1. To create a new App, click New App.


  2. In the New App panel, enter the name and a description (optional).
  3. Select a Scope from the drop-down menu. Use Scopes to configure which areas of Altair IoT Studio the client has access to.
    Figure 1.


  4. Chose the type of App you want to build. You can select between Client Credentials, or Authorization Code.

    Client credentials are a mechanism to generate an access token to use the API. Use cases include authenticating devices, serverless functions and ECP clusters.

    Authorization Code: is a mechanism to authenticate the users of a web or mobile application that has been built using Altair IoT Studio.

  5. If you select Client Credentials:
    1. Access the Authorization tab. Choose between assigning a Role to the App or defining the Policies by clicking on +Add Policy. A policy allowing access to all resources and performing CRUD operations is set by default. Click Save to create the App.
      The App is created.
      Figure 2.


  6. If you choose Authorization Code:
    • Redirect uris: indicates where the user will be redirected once authenticated
    • Post-logout Redirect uris: indicates where the user will be redirected after logging out
    • Frontchannel Logout uri: indicate the uri that supports the frontchannel logout mechanism
    • Backchannel Logout uri: indicates the uri that supports the application logged out
    • Allowed CORS Origins: indicates the domains that are allowed to access the IDP
    Note: You can add multiple uris by separating them with commas.
    Figure 3.


    1. Access the Authorization tab and click Save to create the App.
The basic method of authentication used for this purpose is Oauth. All applications have a Client ID and Client Secret, so you can get a token and interact with the platform.
  1. To reset the Secret, on the Details pane, click Reset Client Secret.
    The App secret will generate randomly and display on the screen.
    Figure 4.


    Note: Tokens (or secrets) in the application are only ever displayed once for security reasons. If you lose your token, you will need to reset it using the Reset Client Secret button.
    You can use the Variables Storage section under Space Settings to store the App's credentials.
    Figure 5.