{"_id":"59b815d78c45630028f0a9d5","project":"55faeacad0e22017005b8265","version":{"_id":"55faeacad0e22017005b8268","project":"55faeacad0e22017005b8265","__v":36,"createdAt":"2015-09-17T16:31:06.800Z","releaseDate":"2015-09-17T16:31:06.800Z","categories":["55faeacbd0e22017005b8269","55faf550764f50210095078e","55faf5b5626c341700fd9e96","55faf8a7825d5f19001fa386","560052f91503430d007cc88f","560054f73aa0520d00da0b1a","56005aaf6932a00d00ba7c62","56005c273aa0520d00da0b3f","5601ae7681a9670d006d164d","5601ae926811d00d00ceb487","5601aeb064866b1900f4768d","5601aee850ee460d0002224c","5601afa02499c119000faf19","5601afd381a9670d006d1652","561d4c78281aec0d00eb27b6","561d588d8ca8b90d00210219","563a5f934cc3621900ac278c","5665c5763889610d0008a29e","566710a36819320d000c2e93","56ddf6df8a5ae10e008e3926","56e1c96b2506700e00de6e83","56e1ccc4e416450e00b9e48c","56e1ccdfe63f910e00e59870","56e1cd10bc46be0e002af26a","56e1cd21e416450e00b9e48e","56e3139a51857d0e008e77be","573b4f62ef164e2900a2b881","57c9d1335fd8ca0e006308ed","57e2bd9d1e7b7220000d7fa5","57f2b992ac30911900c7c2b6","58adb5c275df0f1b001ed59b","58c81b5c6dc7140f003c3c46","595412446ed4d9001b3e7b37","59e76ce41938310028037295","5a009de510890d001c2aabfe","5a96f89c89442e002041144b"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"v1","version_clean":"1.0.0","version":"1"},"category":{"_id":"5601afd381a9670d006d1652","project":"55faeacad0e22017005b8265","version":"55faeacad0e22017005b8268","__v":11,"pages":["5602341e930fe1170074bd22","560235191ba3720d00a6b9a4","561d4dec57165b0d00aa5d94","561d4e369e8e1f0d00983286","561d4e669e8e1f0d00983288","561d4ed26386060d00e06011","561d4f3457165b0d00aa5d97","563108d8f1c0580d00fac6f1","5645082598da41190099f31a","5665cf36e93ae70d00b969f8","56abda994e8ba20d006a23f7"],"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-09-22T19:45:23.406Z","from_sync":false,"order":6,"slug":"authentication-guide","title":"Authentication Guide"},"user":"55fae9d4825d5f19001fa379","__v":0,"parentDoc":null,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2017-09-12T17:13:59.895Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":0,"body":"[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"The new authentication system described in this document was deployed on March 22, 2018.\"\n}\n[/block]\n# Breaking Change Announcement\n**The new GBDX Authentication system will go live on Thursday, March 22, 2018, beginning at 8 AM MST.** This documentation describes the action required following deployment, and the breaking changes and non-breaking changes that will be part of the new system.  Since this project is still in development, any additional changes that occur during development will be documented here. \n\n#Plan Ahead: Make these Changes before 3/22/2018\n\n1. Install the latest \"gbdxtools\" version. This version will handle getting a new token after deployment with no further action on your part. See [Instructions for gbdxtools Users](#section-instructions-for-gbdxtools-users) for details. \n\n2. If you have a GBDX username that is not your email address, start using your email address instead. You may need to update your gbdxtools config file and your Postman environment. See [Username Update](#section-username-update) for more information.\n\n3. Make sure you have accepted the latest \"GBDX Terms of Use.\" Users who have not accepted this will not be able to access GBDX after the deployment until they do so. To make sure you're up to date, go to https://gbdx.geobigdata.io and log in. If you are prompted to do so, review the terms and accept them. If you are not prompted, then you're up to date. \n\n4. During the deployment there will be impact on workflows that use user impersonation.  The tokens used by user impersonation will become invalid, and the workflow will fail.  To minimize the impact of this,  please hold off launching of workflows that use user impersonation during the deployment window. Plan ahead to give your workflow substantial time to complete before the deployment window begins at 8 AM MST on 3/22/2018.\n\n5. Subscribe to this maintenance incident on our  [Platform Status Page](http://status.geobigdata.io/incidents/gr4zzn96w15f). You'll be notified when the deployment begins and ends.\n\n6. If you are a UI developer that uses the Auth0 UI to authenticate users in your application, see [Authentication Changes for UI Developers](https://gbdxdocs.digitalglobe.com/v1/docs/authentication-changes#section-authentication-changes-for-ui-developers) for additional updates. \n\n#Action Required when the new Authentication System is Released\n\nOn the release date, you can expect the following:\n\n1. The deployment will begin at 8 AM MST. GBDX will be offline for maintenance for 4-8 hours. We'll post on the [Platform Status Page](http://status.geobigdata.io/incidents/gr4zzn96w15f)  when the system will be offline, and provide regular updates until it's back up. \n\n2. Your GBDX access token will be expired during deployment. You will need to get a new token afterward. GBDXtools users who previously installed the latest version will not need to do anything. [Instructions for gbdxtools Users](#section-instructions-for-gbdxtools-users) for details.\n\n3. GBDXtools users who do not install the latest version must manually delete your token from the gbdxtools to get a new one\n\n4. Postman users, a new Postman collection will be published the day of the deployment. It will include updates to the environment variables. Plan to download the updates when the deployment is complete. \n\n#Upcoming Changes\n\nChange | Description\n--- | ---\nOnly username and password will be used to authenticate | GBDX will only use username and password to authenticate a user. API key, client key, and client secret are deprecated. Note: Username must be an email address. \nAPI key will be deprecated | API keys will  not be used for authentication. They won't be stored or displayed on the user profile page in the GBDX web application. If the API key is passed in the authentication header, it will be ignored. \nClient ID will be deprecated | Client IDs will not be used for authentication. They won't be stored or displayed on the user profile page in the GBDX web application. If the Client ID is passed in the authentication header, it will be ignored. \nClient Secret will be deprecated | Client Secret values will not be used for authentication. They won't be stored in the GBDX authentication system or displayed on the user profile page in the GBDX web application. If the Client Secret is passed in the authentication header, it will be ignored. \nUsernames that are not an email address will no longer work. |  Use the email address associated with your account to log in. \nThe access_token length will increase  | The number of characters in the token will increase.\nThe \"validate token\" response will change | See [Changes to Validate Token Reponse](#section-changes-to-validate-token-response) below.\nThe \"sign up\" page will change | The \"sign-up\" process for new users will change in the GBDX Web Application. See \"Changes to Sign-up Process\" below.\nUser Management will change | This change will only be visible to account administrators. See \"Changes to User Management\" below.\nAccount Management will change | This change will only be visible to account administrators. See \"Changes to Account Management\" below.\nUse ```access_token``` instead of ```id_token``` | If you are using the Auth0® User Interface to get authentication credentials, you will see two tokens: named ```id_token``` and ```access_token```. You'll need to use the ```access_token```.\nThe \"signup\" and \"login\" pages are now separate | A new \"signup\" page will be used with the new authentication system. The \"login\" page will not change. See [Authentication Changes for UI Developers](#section-authentication-changes-for-ui-developers) for more details.\nNew Auth0 Client Settings | You'll need to update your client settings, typically found in environment variables, to use the new authentication through the Auth0 UI. Contact [Jon Saints](mailto:jon.saints:::at:::digitalglobe.com) .\n\n\nGet a Token\n\n## API Request\nThe URL for the \"Get a Token\" `POST` request will not change.\n\n`https://geobigdata.io/auth/v1/oauth/token/`\n\n\"Get a Token\" Response \nThe Get a Token response will not change. However the token string will be longer.\n\nThe \"Get a Token\" request will not require the API key for authentication. It will use username and password only. \n\n\n# Validate Token\n\n## API Request\nThe URL for  the \"Validate Token `GET` request will not change. \n\n`https://geobigdata.io/auth/v1/validate_token`\n\n##Changes to \"Validate Token\" Response\n\nThe \"validate token\" response has been updated to align more closely with Auth0 best practices. To prevent breaking changes, some properties have been included in the new response for backward compatibility.\n\n###Old “validate token” response example\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"    {\\n        \\\"username\\\": \\\"<username/email>\\\",\\n        \\\"is_deleted\\\": false,\\n        \\\"name\\\": \\\"<name>\\\"\\n        \\\"reset_password_code_expires\\\": null,\\n        \\\"country_of_operation\\\": \\\"US\\\",\\n        \\\"auth0_user_id\\\": \\\"<auth0_user_id>\\\",\\n        \\\"company\\\": \\\"DigitalGlobe\\\",\\n        \\\"is_active\\\": true,\\n        \\\"account_id\\\": \\\"<account_id>\\\",\\n        \\\"id\\\": <gameplan-auth_id>,\\n        \\\"last_viewed_terms_of_service_version_date\\\": \\\"2015-12-04T00:00:00Z\\\",\\n        \\\"last_login\\\": \\\"2017-08-11T17:37:46.432Z\\\",\\n        \\\"reset_password_code\\\": null,\\n        \\\"is_super_user\\\": false,\\n        \\\"declared_usage\\\": \\\"DEM\\\",\\n        \\\"role\\\": \\\"account_user\\\",\\n        \\\"account_level\\\": \\\"custom\\\",\\n       \\\"email\\\": \\\"<email>\\\",\\n       \\\"registration_status\\\": \\\"registered\\\"\\n    }\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\n    \n###New “validate token” response example\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"The \\\"Validate Token\\\" response has been updated to improve backward compatibility for some applications.\",\n  \"body\": \"This section was updated 2-27-2018\"\n}\n[/block]\n\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"{\\n    \\\"username\\\": \\\"USERS_NAME(this is typically the email address)\\\",\\n    \\\"user_id\\\": \\\"USER_ID\\\",\\n    \\\"account_id\\\": \\\"ACCOUNT_ID\\\",\\n    \\\"roles\\\": [\\\"ROLE\\\"],\\n    \\\"id\\\": \\\"USER_ID\\\",\\n    \\\"role\\\": \\\"ROLE\\\",\\n    \\\"is_super_user\\\": false,\\n    \\\"email\\\": \\\"USER_EMAIL\\\",\\n    \\\"account_level\\\": \\\"LEVEL\\\"\\n}\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\n\nProperty Name | Value | More information\n--- | ---\nusername | GBDX user name | In most cases, the username is the user's email address. A small set of legacy usernames are not email addresses. \nuser_id | GBDX user ID | This is the identification number associated with the user.\naccount_id | GBDX account ID | this is the identification number for the GBDX account the user is associated with.\nroles | List of roles associated with the user | At this time, users can only have one role. \nid | user ID | This field has the same value as the \"user_id\" field for backward compatibility.\nrole | the role associated with the user | This field has the same value as the \"roles\" field. It has been retained for backward compatibility.\nis_super_user | TRUE/FALSE value | This value is set to false unless the user has been granted \"super user\" permissions by GBDX. \nemail | The email address the user entered when signing up for a GBDX account | For most users, the \"username\" and \"email\" fields will have the same value. \naccount_level | GBDX account level | Examples: Basic, Eval\n\n\n\n\n###Properties added to the \"validate token\" response\nThese properties have been added to the \"validate token\" response to align with Auth0 best practices.\n\nProperty | Description\n--- | ---\nuser_id | This is the GBDX user ID. It has the same value as the \"ID\" field. \nroles | This is a \"list\" field. Currently only one role per user is supported, so the list will contain a single item. The value in this list is the same value displayed for the \"role\" field.\n\n\n###Properties removed from the \"validate token\" response\n\nThe following properties have been removed from the “validate token” response”. \n\n\"is_deleted\"\n\"name\"\n\"reset_password_code_expires\"\n\"country_of_operation\"\nauth0_user_id\n\"company\": \"DigitalGlobe\"\n\"is_active\"\n\"last_viewed_terms_of_service_version_date\"\n\"last_login\"\n\"reset_password_code\"\n\"declared_usage\"\n\"registration_status\"\n\n# Authentication Changes for UI Developers \n[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"The GBDX team is working closely with current UI developers to implement Authentication system changes.\",\n  \"body\": \"If you have a web application that uses GBDX Authentication, and have not yet been contacted, please contact [Jon Saints](mailto:jon.saints@digitalglobe.com) as soon as possible.\"\n}\n[/block]\nThis section applies to UI developers who currently use the Auth0® User Interface for GBDX authentication within our application.\n\n## Separate \"signup\" and login\" pages.\n\nA new and separate \"signup\" page will be added. \n\n### \"Signup\" Page\nThe \"signup\" page will be hosted at ```https://dashboard.geobigdata.io/signup```. Your application will need to link \"signup\" users to ```https://dashboard.geobigdata.io/signup?client=<auth0_clientId>&dest_url=<url>.```  \n\nAfter a successful signup, GBDX authentication will direct users back to the dest_url that you provide. \n\n### \"Login\" Page\nThere are no changes to the \"login\" page. You should continue to to call ```auth0.webauth.authorize()``` as you do now when users click \"login\".\n\n## Use ```access_token``` instead of ```id_token```\nIf you are authenticating using the Auth0 UI, the response will include two tokens, an ```id_token``` and and ```access_token```. You will need to update your application to use the ```access_token```.\n\n## Update your Auth0® Client Settings\nYour Auth0® client settings must be updated to use the new Authentication system. Client settings are typically in your \"environment variables.\" Contact [Jon Saints](mailto:jon.saints@digitalglobe.com) if you need the new client settings information for your user interface.\n\n# Instructions for gbdxtools Users\n\n## Install the latest version of gbdxtools (recommended)\nWe recommend installing the latest version of gbdxtools before the new GBDX authentication system releases. The new version will automatically generate a new token for you after the system deployment. \n\nThe latest version is 0.14.5​  It's available for installation now. For gbdxtools installation instructions, see https://github.com/DigitalGlobe/gbdxtools\n\nFor users using conda env they can update to the latest gbdxtools version via: “conda install -c digital globe gbdxtools=0.14.5” \n\n## ​Use the new Authentication system with an older version of gbdxtools\nTo continue using an earlier version of gbdxtools, you'll need to manually clear the token from your config file. This step should be done after the deployment is complete.\n\n Follow the instructions here: https://github.com/DigitalGlobe/gbdxtools#updates\n\n## Additional Resources\n\nFor gbdxtools installation instructions, see https://github.com/DigitalGlobe/gbdxtools\n\nTo use gbdxtools, see http://gbdxtools.readthedocs.io/en/latest/index.html\n\n#Username Update\n\nSome earlyGBDX subscribers have a username that is not an email address. This section applies to those users only.\n\nIf you are already using your email address to sign in or get a token, no action is required.\n\nIf you access GBDX with your username, you'll need to make the following changes. You can make them at any time before March 22nd. \n\n* For \"gbdxtools\" users, you may need to update your config file,  ~/.gbdx-config. Update the field called user_name to use your email address as the value. \n\n* For Postman users, the environment variable for this will still be \"username\", but you will use the email address as the value.","excerpt":"This page describes the upcoming changes to the GBDX Authentication System. \n\n**Deployed**: 3-22-2018\n\n**Last Updated**: 3-14-2018\n\n**3-14 Updates**: Added gbdxtools instructions, added \"Plan Ahead\" step-by-step instructions.\n\n**2-27 Updates**: The \"validate token\" response has been updated to improve backward compatibility. The change is documented below.\n\n**2-21 Updates**: Added \"Authentication Changes for UI Developers\" to describe changes for UI developers who use the Auth0® UI to authenticate.","slug":"authentication-changes","type":"basic","title":"Authentication Changes Announcement"}

Authentication Changes Announcement

This page describes the upcoming changes to the GBDX Authentication System. **Deployed**: 3-22-2018 **Last Updated**: 3-14-2018 **3-14 Updates**: Added gbdxtools instructions, added "Plan Ahead" step-by-step instructions. **2-27 Updates**: The "validate token" response has been updated to improve backward compatibility. The change is documented below. **2-21 Updates**: Added "Authentication Changes for UI Developers" to describe changes for UI developers who use the Auth0® UI to authenticate.

[block:callout] { "type": "warning", "title": "The new authentication system described in this document was deployed on March 22, 2018." } [/block] # Breaking Change Announcement **The new GBDX Authentication system will go live on Thursday, March 22, 2018, beginning at 8 AM MST.** This documentation describes the action required following deployment, and the breaking changes and non-breaking changes that will be part of the new system. Since this project is still in development, any additional changes that occur during development will be documented here. #Plan Ahead: Make these Changes before 3/22/2018 1. Install the latest "gbdxtools" version. This version will handle getting a new token after deployment with no further action on your part. See [Instructions for gbdxtools Users](#section-instructions-for-gbdxtools-users) for details. 2. If you have a GBDX username that is not your email address, start using your email address instead. You may need to update your gbdxtools config file and your Postman environment. See [Username Update](#section-username-update) for more information. 3. Make sure you have accepted the latest "GBDX Terms of Use." Users who have not accepted this will not be able to access GBDX after the deployment until they do so. To make sure you're up to date, go to https://gbdx.geobigdata.io and log in. If you are prompted to do so, review the terms and accept them. If you are not prompted, then you're up to date. 4. During the deployment there will be impact on workflows that use user impersonation. The tokens used by user impersonation will become invalid, and the workflow will fail. To minimize the impact of this, please hold off launching of workflows that use user impersonation during the deployment window. Plan ahead to give your workflow substantial time to complete before the deployment window begins at 8 AM MST on 3/22/2018. 5. Subscribe to this maintenance incident on our [Platform Status Page](http://status.geobigdata.io/incidents/gr4zzn96w15f). You'll be notified when the deployment begins and ends. 6. If you are a UI developer that uses the Auth0 UI to authenticate users in your application, see [Authentication Changes for UI Developers](https://gbdxdocs.digitalglobe.com/v1/docs/authentication-changes#section-authentication-changes-for-ui-developers) for additional updates. #Action Required when the new Authentication System is Released On the release date, you can expect the following: 1. The deployment will begin at 8 AM MST. GBDX will be offline for maintenance for 4-8 hours. We'll post on the [Platform Status Page](http://status.geobigdata.io/incidents/gr4zzn96w15f) when the system will be offline, and provide regular updates until it's back up. 2. Your GBDX access token will be expired during deployment. You will need to get a new token afterward. GBDXtools users who previously installed the latest version will not need to do anything. [Instructions for gbdxtools Users](#section-instructions-for-gbdxtools-users) for details. 3. GBDXtools users who do not install the latest version must manually delete your token from the gbdxtools to get a new one 4. Postman users, a new Postman collection will be published the day of the deployment. It will include updates to the environment variables. Plan to download the updates when the deployment is complete. #Upcoming Changes Change | Description --- | --- Only username and password will be used to authenticate | GBDX will only use username and password to authenticate a user. API key, client key, and client secret are deprecated. Note: Username must be an email address. API key will be deprecated | API keys will not be used for authentication. They won't be stored or displayed on the user profile page in the GBDX web application. If the API key is passed in the authentication header, it will be ignored. Client ID will be deprecated | Client IDs will not be used for authentication. They won't be stored or displayed on the user profile page in the GBDX web application. If the Client ID is passed in the authentication header, it will be ignored. Client Secret will be deprecated | Client Secret values will not be used for authentication. They won't be stored in the GBDX authentication system or displayed on the user profile page in the GBDX web application. If the Client Secret is passed in the authentication header, it will be ignored. Usernames that are not an email address will no longer work. | Use the email address associated with your account to log in. The access_token length will increase | The number of characters in the token will increase. The "validate token" response will change | See [Changes to Validate Token Reponse](#section-changes-to-validate-token-response) below. The "sign up" page will change | The "sign-up" process for new users will change in the GBDX Web Application. See "Changes to Sign-up Process" below. User Management will change | This change will only be visible to account administrators. See "Changes to User Management" below. Account Management will change | This change will only be visible to account administrators. See "Changes to Account Management" below. Use ```access_token``` instead of ```id_token``` | If you are using the Auth0® User Interface to get authentication credentials, you will see two tokens: named ```id_token``` and ```access_token```. You'll need to use the ```access_token```. The "signup" and "login" pages are now separate | A new "signup" page will be used with the new authentication system. The "login" page will not change. See [Authentication Changes for UI Developers](#section-authentication-changes-for-ui-developers) for more details. New Auth0 Client Settings | You'll need to update your client settings, typically found in environment variables, to use the new authentication through the Auth0 UI. Contact [Jon Saints](mailto:jon.saints@digitalglobe.com) . Get a Token ## API Request The URL for the "Get a Token" `POST` request will not change. `https://geobigdata.io/auth/v1/oauth/token/` "Get a Token" Response The Get a Token response will not change. However the token string will be longer. The "Get a Token" request will not require the API key for authentication. It will use username and password only. # Validate Token ## API Request The URL for the "Validate Token `GET` request will not change. `https://geobigdata.io/auth/v1/validate_token` ##Changes to "Validate Token" Response The "validate token" response has been updated to align more closely with Auth0 best practices. To prevent breaking changes, some properties have been included in the new response for backward compatibility. ###Old “validate token” response example [block:code] { "codes": [ { "code": " {\n \"username\": \"<username/email>\",\n \"is_deleted\": false,\n \"name\": \"<name>\"\n \"reset_password_code_expires\": null,\n \"country_of_operation\": \"US\",\n \"auth0_user_id\": \"<auth0_user_id>\",\n \"company\": \"DigitalGlobe\",\n \"is_active\": true,\n \"account_id\": \"<account_id>\",\n \"id\": <gameplan-auth_id>,\n \"last_viewed_terms_of_service_version_date\": \"2015-12-04T00:00:00Z\",\n \"last_login\": \"2017-08-11T17:37:46.432Z\",\n \"reset_password_code\": null,\n \"is_super_user\": false,\n \"declared_usage\": \"DEM\",\n \"role\": \"account_user\",\n \"account_level\": \"custom\",\n \"email\": \"<email>\",\n \"registration_status\": \"registered\"\n }", "language": "json" } ] } [/block]      ###New “validate token” response example [block:callout] { "type": "info", "title": "The \"Validate Token\" response has been updated to improve backward compatibility for some applications.", "body": "This section was updated 2-27-2018" } [/block] [block:code] { "codes": [ { "code": "{\n \"username\": \"USERS_NAME(this is typically the email address)\",\n \"user_id\": \"USER_ID\",\n \"account_id\": \"ACCOUNT_ID\",\n \"roles\": [\"ROLE\"],\n \"id\": \"USER_ID\",\n \"role\": \"ROLE\",\n \"is_super_user\": false,\n \"email\": \"USER_EMAIL\",\n \"account_level\": \"LEVEL\"\n}", "language": "json" } ] } [/block] Property Name | Value | More information --- | --- username | GBDX user name | In most cases, the username is the user's email address. A small set of legacy usernames are not email addresses. user_id | GBDX user ID | This is the identification number associated with the user. account_id | GBDX account ID | this is the identification number for the GBDX account the user is associated with. roles | List of roles associated with the user | At this time, users can only have one role. id | user ID | This field has the same value as the "user_id" field for backward compatibility. role | the role associated with the user | This field has the same value as the "roles" field. It has been retained for backward compatibility. is_super_user | TRUE/FALSE value | This value is set to false unless the user has been granted "super user" permissions by GBDX. email | The email address the user entered when signing up for a GBDX account | For most users, the "username" and "email" fields will have the same value. account_level | GBDX account level | Examples: Basic, Eval ###Properties added to the "validate token" response These properties have been added to the "validate token" response to align with Auth0 best practices. Property | Description --- | --- user_id | This is the GBDX user ID. It has the same value as the "ID" field. roles | This is a "list" field. Currently only one role per user is supported, so the list will contain a single item. The value in this list is the same value displayed for the "role" field. ###Properties removed from the "validate token" response The following properties have been removed from the “validate token” response”. "is_deleted" "name" "reset_password_code_expires" "country_of_operation" auth0_user_id "company": "DigitalGlobe" "is_active" "last_viewed_terms_of_service_version_date" "last_login" "reset_password_code" "declared_usage" "registration_status" # Authentication Changes for UI Developers [block:callout] { "type": "warning", "title": "The GBDX team is working closely with current UI developers to implement Authentication system changes.", "body": "If you have a web application that uses GBDX Authentication, and have not yet been contacted, please contact [Jon Saints](mailto:jon.saints@digitalglobe.com) as soon as possible." } [/block] This section applies to UI developers who currently use the Auth0® User Interface for GBDX authentication within our application. ## Separate "signup" and login" pages. A new and separate "signup" page will be added. ### "Signup" Page The "signup" page will be hosted at ```https://dashboard.geobigdata.io/signup```. Your application will need to link "signup" users to ```https://dashboard.geobigdata.io/signup?client=<auth0_clientId>&dest_url=<url>.``` After a successful signup, GBDX authentication will direct users back to the dest_url that you provide. ### "Login" Page There are no changes to the "login" page. You should continue to to call ```auth0.webauth.authorize()``` as you do now when users click "login". ## Use ```access_token``` instead of ```id_token``` If you are authenticating using the Auth0 UI, the response will include two tokens, an ```id_token``` and and ```access_token```. You will need to update your application to use the ```access_token```. ## Update your Auth0® Client Settings Your Auth0® client settings must be updated to use the new Authentication system. Client settings are typically in your "environment variables." Contact [Jon Saints](mailto:jon.saints@digitalglobe.com) if you need the new client settings information for your user interface. # Instructions for gbdxtools Users ## Install the latest version of gbdxtools (recommended) We recommend installing the latest version of gbdxtools before the new GBDX authentication system releases. The new version will automatically generate a new token for you after the system deployment. The latest version is 0.14.5​ It's available for installation now. For gbdxtools installation instructions, see https://github.com/DigitalGlobe/gbdxtools For users using conda env they can update to the latest gbdxtools version via: “conda install -c digital globe gbdxtools=0.14.5” ## ​Use the new Authentication system with an older version of gbdxtools To continue using an earlier version of gbdxtools, you'll need to manually clear the token from your config file. This step should be done after the deployment is complete. Follow the instructions here: https://github.com/DigitalGlobe/gbdxtools#updates ## Additional Resources For gbdxtools installation instructions, see https://github.com/DigitalGlobe/gbdxtools To use gbdxtools, see http://gbdxtools.readthedocs.io/en/latest/index.html #Username Update Some earlyGBDX subscribers have a username that is not an email address. This section applies to those users only. If you are already using your email address to sign in or get a token, no action is required. If you access GBDX with your username, you'll need to make the following changes. You can make them at any time before March 22nd. * For "gbdxtools" users, you may need to update your config file, ~/.gbdx-config. Update the field called user_name to use your email address as the value. * For Postman users, the environment variable for this will still be "username", but you will use the email address as the value.