Integrating user authentication

This article is currently under construction!!!

See also

Auth0 (glossary entry)
OAuth 2.0 (glossary entry)

For the teamplay digital health platform, we provide the Siemens Healthineers SSO service. The service is easy to integrate into your application. With it, you can access our services in a user's context by providing the teamplay user token. After your application has sent a request to a service with an access token, our service validates the token signature via the authorization server that authorized you to access our services.

The Healthineers SSO service is based on OAuth 2.0 in conjunction with its PKCE extension, used as an OpenID Connect (OIDC) authorization flow. OAuth provides secured, delegated access to our services and data without exposing user credentials to all parties.

The Healthineers SSO service applies a combination of a cookie-based and a token-based authentication flow. For performance reasons, after a user has logged in, the authorization server first sends a cookie containing a session ID to your application front-end and then the teamplay user token. Depending on the authorization flow you chose for your application type, the user token is sent either to your application front-end or to your application back-end.

  • Before consuming APIs that require the user context by providing the teamplay user token in the request header, make sure that your API requests are only sent from your application back-end - irrespective of your application type.

  • When the latest teamplay user token is only available in the front-end of your application, first send the token, as part of the request body, to your application back-end via your own API service; then call our APIs that require the user context from the back-end.

See also

Single-page application (glossary entry)
Angular CLI - sample application (download center)

  • Implicit flow for OAuth 2.0 to support single page applications (SPA)
    OAuth requests are managed from your application front-end. To call the Siemens Healthineers SSO service, send a POST request from your application front-end to the authorization endpoint, with Siemens Healthineers as the identity provider, passing your OAuth client ID in the URL. As the client ID can be passed via the browser URL to the authorization endpoint, the implicit flow is the ideal solution for SPAs, but it is less secure than the regular flow used for regular web applications.
    In the implicit flow, first a cookie containing a session ID and then a user token are sent to your front-end application running in the browser.