MultiValue Tools

  • 1.  Security with oAuth in MVIS

    ROCKETEER
    Posted 03-11-2021 13:12
    Edited by Hernando Borda 03-11-2021 13:37
    MVIS 1.3 supports oAuth, allowing developers to easily integrate their created APIs with third-party authentication providers such as Auth0 and Okta and provide token-based authorization, ensuring seamless integration with enterprise application security configurations. 

    This first video provides a detailed overview of the capability and how to use it.


    This video is a demo of the application.

    I'm happy to answer any questions you have below!

    ------------------------------
    Amey Rokde
    Senior Software Engineer
    Rocket Software
    ------------------------------


  • 2.  RE: Security with oAuth in MVIS

    Posted 07-06-2021 07:26
    Hi Amey,

    Thanks for sharing the demo video.
    I'm quite new to MVIS and I'm trying to enable Okta-based authentication (i.e. OAuth 2.0) on my MVIS installation. In my authentication process, I want the users to use the pre-shared "client id" and "client secret" details to generate a token, and use these tokens to authenticate to MVIS.

    As mentioned in the above video, I checked the "OAuth Public Keystore Path" field on my MVIS page, and I'm unsure how it can be used with Okta-based authentication, as the above field only accepts a file path.
    Can you suggest if there is any other field to handle such scenarios? Also, it would be really helpful if you can create a demo video for Okta-based authentication.

    Thanks,
    Amarendra

    ------------------------------
    Amarendra Rakesh
    Business System Manager
    SMC Corporation Pty Ltd
    ------------------------------



  • 3.  RE: Security with oAuth in MVIS

    ROCKETEER
    Posted 09-03-2021 00:20
    Hi Amarendra,

    Thanks for the interest in MVIS. Let me explain how MVIS OAuth works in your use case, which according to me is the client credential flow.

    a) The client application would generate a token using Okta by providing the client id and secret.
    b) The client would provide this token as an HTTP header to MVIS.
    c) MVIS would decode this token and, based on the information in it, namely roles, would allow access to the endpoints.

    This token can be protected from tampering by using private/public key infrastructure. Normally authentication providers like Okta would encrypt the signature of the token using the private key, and the receiving end can use the public key to decrypt and validate the token.

    This public key certificate should be added into a Java keystore (PKCS12 format) and provided to MVIS.

    The OAuth Public Keystore Path field provides the path to this Java keystore, which has the public key added to it.

    Hope this gives you clarity.

    Let me know if you have any more questions.

    Amey 





    ------------------------------
    Amey Rokde
    Senior Software Engineer
    Rocket Internal - All Brands
    Pune, India
    ------------------------------
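
The token flow described in steps a) to c) of the reply above, as an added illustration that is not part of the original posts and is not MVIS or Okta code. It assumes an RS256-signed JWT and a claim named `roles`; the function names are hypothetical, and the RSA key is a constructed toy key built from two Mersenne primes, which is not secure and stands in for the provider's real key pair.

```python
import base64, hashlib, json

# Constructed toy RSA key built from two Mersenne primes: NOT secure, demo only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key: what the API side holds
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: held only by the issuer
K = (N.bit_length() + 7) // 8        # modulus length in bytes
# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encoded_message(signing_input):
    """PKCS#1 v1.5 padded SHA-256 digest of header.payload."""
    digest = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (K - len(digest) - 3) + b"\x00" + digest

def issue_token(claims):
    """Provider side (step a): sign header.payload with the private key."""
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    em = int.from_bytes(encoded_message(f"{head}.{body}".encode()), "big")
    return f"{head}.{body}.{b64u(pow(em, D, N).to_bytes(K, 'big'))}"

def verify_token(token, required_role):
    """API side (step c): public key only. Returns claims, or None if rejected."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64u_dec(head)).get("alg") != "RS256":
            return None                      # pin the algorithm, ignore the header's choice
        s = int.from_bytes(b64u_dec(sig), "big")
        if s >= N:
            return None
        recovered = pow(s, E, N).to_bytes(K, "big")
        if recovered != encoded_message(f"{head}.{body}".encode()):
            return None                      # signature does not cover this header.payload
        claims = json.loads(b64u_dec(body))  # payload is trusted only after this point
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if required_role in claims.get("roles", []) else None
```

A production verifier would load the provider's public key from the configured keystore, use a maintained JWT library, and also check expiry, issuer and audience, which this example leaves out.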