OAuth for StreamNative Cloud

StreamNative Cloud supports the OAuth 2.0 protocol for authentication and authorization. OAuth is an open-standard protocol that grants access to supported clients using a temporary access token. Supported clients use delegated authorization to access and use StreamNative Cloud resources and data on the behalf of a user or application.

Summary of key features provided by OAuth 2.0 support in StreamNative Cloud:

• Manage application identities and credentials through Auth0.

• Authenticate with StreamNative Cloud resources using short-lived credentails (JSON Web Tokens).

• StreamNative Cloud's OAuth 2.0 service provides OIDC-based tokens for authentication and authorization that are based on the OAuth 2.0 Authorization Framework [RFC 6746] and is compliant with OpenID Connect (OIDC).

• You can configure OAuth using the StreamNative Cloud Console and StreamNative CLI.

Limitations

OAuth 2.0 for StreamNative Cloud includes the following limitations:

• StreamNative Cloud only uses StreamNative's Auth0 service as identity provider. It doesn't support using your own identity provider yet.

Access token format

StreamNative Cloud only accepts JSON Web Token (JWT) access tokens, based on an open, industry standard for representing claims to be transferred securely between two parties. A JWT is a string that represents a set of claims as a JSON object in a JSON Web Signature (JWS) or JSON Web Encryption (JWE) structure, enabling the claims to be signed or encrypted.

Each JWT includes a header, body, and signature that is formatted like this:

header.body.signature

For details about how JWT crednetials, see:

• JWT (JSON Web Tokens) website, provided by Auth0
  • Introduction to JSON Web Tokens
  • JWT Debugger
  • JWT Handbook: a free ebook
• JSON Web Token (JWT)[RFC 7519]
• JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens[RFC 9068]