Configure an External System
An external system is an Authway-unique concept that makes it easier for an API to support both end-user and system-to-system consumption. An external system is a default-configured client combined with a system user, which makes it possible to get typical user claims like name, email, tid and perm. This makes things easy for the API, since it does not need to figure out whether an end-user or a system is making the call and handle them differently. Note that an External System can’t be added to a group, so it can’t get any role claims.
It is important to understand that an External System belongs to a tenant, which most likely will have the effect that the API only returns information for that tenant (i.e. filtered by the tid claim).
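How an API can serve end-users and External Systems through one authorization path, shown as an added example that is not Authway's or any API owner's own code. It assumes the token was already validated upstream; the permission name `orders.read`, the order records and the helper names are hypothetical, and only the claim names tid, perm, name and email come from the text above.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller lacks the tenant or permission needed."""


@dataclass(frozen=True)
class Caller:
    tenant_id: str
    permissions: frozenset


def caller_from_claims(claims: dict) -> Caller:
    # Claims are assumed to come from a token whose signature, issuer,
    # audience and expiry were already verified upstream.
    tid = claims.get("tid")
    if not isinstance(tid, str) or not tid:
        raise Forbidden("token carries no tid claim")
    perm = claims.get("perm", [])
    # Assumption: a single perm value may arrive as a bare string. Wrapping it
    # avoids a substring match ("orders.read" in "orders.read.all").
    if isinstance(perm, str):
        perm = [perm]
    return Caller(tenant_id=tid, permissions=frozenset(perm))


def list_orders(claims: dict, orders: list, required_perm: str = "orders.read") -> list:
    caller = caller_from_claims(claims)
    # Authorize on perm only: an External System never has role claims.
    if required_perm not in caller.permissions:
        raise Forbidden(f"missing permission {required_perm}")
    # Tenant isolation: only rows of the caller's own tenant are returned.
    return [o for o in orders if o["tenant_id"] == caller.tenant_id]


# Constructed sample data (not real Authway tokens or records).
ORDERS = [{"id": 1, "tenant_id": "tenant-a"}, {"id": 2, "tenant_id": "tenant-b"},
          {"id": 3, "tenant_id": "tenant-a"}]
END_USER = {"name": "Alice", "email": "alice@example.com", "tid": "tenant-a",
            "perm": ["orders.read", "orders.write"], "role": ["Admin"]}
EXTERNAL_SYSTEM = {"name": "Billing sync", "email": "integrations@example.com",
                   "tid": "tenant-b", "perm": "orders.read"}  # no role claim
NO_PERMISSION = {"name": "Report job", "email": "integrations@example.com",
                 "tid": "tenant-a", "perm": []}

if __name__ == "__main__":
    for claims in (END_USER, EXTERNAL_SYSTEM, NO_PERMISSION):
        try:
            print(claims["name"], [o["id"] for o in list_orders(claims, ORDERS)])
        except Forbidden as exc:
            print(claims["name"], "denied:", exc)
```

Because the handler never reads a role claim, the same check works for a user who gets permissions through groups and for an External System that gets them directly.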
Configure an External System
To create a new External System, click add and supply a name and an e-mail address. The same e-mail address can be used for many systems, and it will not conflict with the e-mail addresses of regular end-users. We recommend using a non-personal e-mail address, because that address might be used by an API owner to inform about downtime, changes and so on.
Once the client has been created, it must be given access to at least one functionality before it can be used. When it receives that right, it is also assigned the scope connected to the module to which the selected functionality belongs.
The last step is then to create a secret.
For an existing client you can’t make many changes, but it is possible to change the e-mail address. The most common administrative tasks are changing the permissions and, in some cases, creating a new secret.
Secrets for an External System
A secret can be created under the “Actions” menu. When a new secret is created, it is displayed directly in the user interface, and at that point it is important to copy it and store it securely for the client. Authway will not be able to show the value of the secret again (in the same way that passwords cannot be displayed). This means that if the secret is lost, a new secret must be created. When a new secret is created, the old secret remains valid for 30 days, giving you time to change your configuration.
Advanced Configuration of the Client
It is possible to make changes to the client configuration by going to Configure -> Clients and flipping the option to also show External Systems. This lists all External Systems that are configured for the tenant you administer and makes it possible to change all settings for the client, such as the type of tokens used, how long a token should be valid, the allowed scopes and so on.