{"_id":"59b815d78c45630028f0a9d5","project":"55faeacad0e22017005b8265","version":{"_id":"55faeacad0e22017005b8268","project":"55faeacad0e22017005b8265","__v":35,"createdAt":"2015-09-17T16:31:06.800Z","releaseDate":"2015-09-17T16:31:06.800Z","categories":["55faeacbd0e22017005b8269","55faf550764f50210095078e","55faf5b5626c341700fd9e96","55faf8a7825d5f19001fa386","560052f91503430d007cc88f","560054f73aa0520d00da0b1a","56005aaf6932a00d00ba7c62","56005c273aa0520d00da0b3f","5601ae7681a9670d006d164d","5601ae926811d00d00ceb487","5601aeb064866b1900f4768d","5601aee850ee460d0002224c","5601afa02499c119000faf19","5601afd381a9670d006d1652","561d4c78281aec0d00eb27b6","561d588d8ca8b90d00210219","563a5f934cc3621900ac278c","5665c5763889610d0008a29e","566710a36819320d000c2e93","56ddf6df8a5ae10e008e3926","56e1c96b2506700e00de6e83","56e1ccc4e416450e00b9e48c","56e1ccdfe63f910e00e59870","56e1cd10bc46be0e002af26a","56e1cd21e416450e00b9e48e","56e3139a51857d0e008e77be","573b4f62ef164e2900a2b881","57c9d1335fd8ca0e006308ed","57e2bd9d1e7b7220000d7fa5","57f2b992ac30911900c7c2b6","58adb5c275df0f1b001ed59b","58c81b5c6dc7140f003c3c46","595412446ed4d9001b3e7b37","59e76ce41938310028037295","5a009de510890d001c2aabfe"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"v1","version_clean":"1.0.0","version":"1"},"category":{"_id":"5601afd381a9670d006d1652","project":"55faeacad0e22017005b8265","version":"55faeacad0e22017005b8268","__v":11,"pages":["5602341e930fe1170074bd22","560235191ba3720d00a6b9a4","561d4dec57165b0d00aa5d94","561d4e369e8e1f0d00983286","561d4e669e8e1f0d00983288","561d4ed26386060d00e06011","561d4f3457165b0d00aa5d97","563108d8f1c0580d00fac6f1","5645082598da41190099f31a","5665cf36e93ae70d00b969f8","56abda994e8ba20d006a23f7"],"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-09-22T19:45:23.406Z","from_sync":false,"order":4,"slug":"authentication-guide","title":"Authentication Guide"},"user":"55fae9d4825d5f19001fa379","__v":0,"parentDoc":null,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2017-09-12T17:13:59.895Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":11,"body":"# Breaking Change Announcement\nThe new GBDX Authentication system will go live on Thursday, *March 22, 2018*. This documentation describes the action required following deployment, and the breaking changes and non-breaking changes that will be part of the new system.  Since this project is still in development, any additional changes that occur during development will be documented here. \n\n#Action Required when new Authentication System is Released\n\nOn the release date, you can expect the following:\n\n1. GBDX will be offline for maintenance for 4-8 hours. We'll post on the [Platform Status Page](http://status.geobigdata.io/incidents/gr4zzn96w15f)  when the system will be offline, and provide regular updates until it's back up. This process could take most of the day. \n\n2. GBDX passwords may need to be reset. If needed, you will receive an email telling you to reset your password. \n\n2. Your GBDX access token will be expired during deployment. You will need to get a new token afterward.\n\nFor updates, follow [:::at:::GBDXReleaseLog](http://twitter.com/GBDXReleaseLog) on Twitter, and subscribe to the  incident on the [Platform Status Page](http://status.geobigdata.io/incidents/gr4zzn96w15f) .\n\n#Upcoming Changes\n\nChange | Description\n--- | ---\nOnly email and password will be used to authenticate | GBDX will only use email and password to authenticate a user. API key, client key, and client secret are deprecated.\nAPI key will be deprecated | API keys will  not be used for authentication. They won't be stored in the GBDX auth system or displayed on the user profile page in the GBDX web application. If the API key is passed in the authentication header, it will be ignored. \nClient ID will be deprecated | Client IDs will not be used for authentication. They won't be stored in the GBDX auth system or displayed on the user profile page in the GBDX web application. If the Client ID is passed in the authentication header, it will be ignored. \nClient Secret will be deprecated | Client Secret values will not be used for authentication. They won't be stored in the GBDX authentication system or displayed on the user profile page in the GBDX web application. If the Client Secret is passed in the authentication header, it will be ignored. \nThe access_token length will increase  | The number of characters in the token will increase.\nThe \"validate token\" response will change | See [Changes to Validate Token Reponse](#section-changes-to-validate-token-response) below.\nThe \"sign up\" page will change | The \"sign-up\" process for new users will change in the GBDX Web Application. See \"Changes to Sign-up Process\" below.\nUser Management will change | This change will only be visible to account administrators. See \"Changes to User Management\" below.\nAccount Management will change | This change will only be visible to account administrators. See \"Changes to Account Management\" below.\n\n##Changes to Validate Token Response\n\nThe \"validate token\" response has been updated to align more closely with Auth0 best practices. In order to prevent breaking changes, some properties have been included in the new response for backward compatibility.\n\n###Old “validate token” response example\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"    {\\n        \\\"username\\\": \\\"<username/email>\\\",\\n        \\\"is_deleted\\\": false,\\n        \\\"name\\\": \\\"<name>\\\"\\n        \\\"reset_password_code_expires\\\": null,\\n        \\\"country_of_operation\\\": \\\"US\\\",\\n        \\\"auth0_user_id\\\": \\\"<auth0_user_id>\\\",\\n        \\\"company\\\": \\\"DigitalGlobe\\\",\\n        \\\"is_active\\\": true,\\n        \\\"account_id\\\": \\\"<account_id>\\\",\\n        \\\"id\\\": <gameplan-auth_id>,\\n        \\\"last_viewed_terms_of_service_version_date\\\": \\\"2015-12-04T00:00:00Z\\\",\\n        \\\"last_login\\\": \\\"2017-08-11T17:37:46.432Z\\\",\\n        \\\"reset_password_code\\\": null,\\n        \\\"is_super_user\\\": false,\\n        \\\"declared_usage\\\": \\\"DEM\\\",\\n        \\\"role\\\": \\\"account_user\\\",\\n        \\\"account_level\\\": \\\"custom\\\",\\n       \\\"email\\\": \\\"<email>\\\",\\n       \\\"registration_status\\\": \\\"registered\\\"\\n    }\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\n    \n###New “validate token” response example\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"{\\n                “id”: “<user_id>”,\\n                “email”: “<email>”,\\n                “account_id”: “<account_id>”,\\n                “account_level”: “<account_level>”,\\n                “roles”: [\\n                                “<role>”,\\n                ]\\n}\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\n###Properties added to the \"validate token\" response\nThese properties have been added to the \"validate token\" response to align with Auth0 best practices.\n\nProperty | Description\n--- | ---\nid | This is the user ID.\nroles | This property is used to identify the role of the user. For example, \"super_admin\" or \n\n\n###Properties removed from the \"validate token\" response\n\nThe following properties have been removed from the “validate token” response”. \n\n\"is_deleted\"\n\"name\"\n\"reset_password_code_expires\"\n\"country_of_operation\"\n\"company\": \"DigitalGlobe\"\n\"is_active\"\n\"last_viewed_terms_of_service_version_date\"\n\"last_login\"\n\"reset_password_code\"\n\"declared_usage\"\n\"registration_status\"\n\n#GBDX Web Application Changes\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"This section is coming soon.\"\n}\n[/block]\n\n\n##Web Sign-up Process Changes\n\n##User Profile Page changes\n\n##User Management Changes\n\n##Account Management Changes","excerpt":"This page describes the upcoming changes to the GBDX Authentication System","slug":"authentication-changes","type":"basic","title":"Authentication Changes Announcement"}

Authentication Changes Announcement

This page describes the upcoming changes to the GBDX Authentication System

# Breaking Change Announcement The new GBDX Authentication system will go live on Thursday, *March 22, 2018*. This documentation describes the action required following deployment, and the breaking changes and non-breaking changes that will be part of the new system. Since this project is still in development, any additional changes that occur during development will be documented here. #Action Required when new Authentication System is Released On the release date, you can expect the following: 1. GBDX will be offline for maintenance for 4-8 hours. We'll post on the [Platform Status Page](http://status.geobigdata.io/incidents/gr4zzn96w15f) when the system will be offline, and provide regular updates until it's back up. This process could take most of the day. 2. GBDX passwords may need to be reset. If needed, you will receive an email telling you to reset your password. 2. Your GBDX access token will be expired during deployment. You will need to get a new token afterward. For updates, follow [@GBDXReleaseLog](http://twitter.com/GBDXReleaseLog) on Twitter, and subscribe to the incident on the [Platform Status Page](http://status.geobigdata.io/incidents/gr4zzn96w15f) . #Upcoming Changes Change | Description --- | --- Only email and password will be used to authenticate | GBDX will only use email and password to authenticate a user. API key, client key, and client secret are deprecated. API key will be deprecated | API keys will not be used for authentication. They won't be stored in the GBDX auth system or displayed on the user profile page in the GBDX web application. If the API key is passed in the authentication header, it will be ignored. Client ID will be deprecated | Client IDs will not be used for authentication. They won't be stored in the GBDX auth system or displayed on the user profile page in the GBDX web application. If the Client ID is passed in the authentication header, it will be ignored. Client Secret will be deprecated | Client Secret values will not be used for authentication. They won't be stored in the GBDX authentication system or displayed on the user profile page in the GBDX web application. If the Client Secret is passed in the authentication header, it will be ignored. The access_token length will increase | The number of characters in the token will increase. The "validate token" response will change | See [Changes to Validate Token Reponse](#section-changes-to-validate-token-response) below. The "sign up" page will change | The "sign-up" process for new users will change in the GBDX Web Application. See "Changes to Sign-up Process" below. User Management will change | This change will only be visible to account administrators. See "Changes to User Management" below. Account Management will change | This change will only be visible to account administrators. See "Changes to Account Management" below. ##Changes to Validate Token Response The "validate token" response has been updated to align more closely with Auth0 best practices. In order to prevent breaking changes, some properties have been included in the new response for backward compatibility. ###Old “validate token” response example [block:code] { "codes": [ { "code": " {\n \"username\": \"<username/email>\",\n \"is_deleted\": false,\n \"name\": \"<name>\"\n \"reset_password_code_expires\": null,\n \"country_of_operation\": \"US\",\n \"auth0_user_id\": \"<auth0_user_id>\",\n \"company\": \"DigitalGlobe\",\n \"is_active\": true,\n \"account_id\": \"<account_id>\",\n \"id\": <gameplan-auth_id>,\n \"last_viewed_terms_of_service_version_date\": \"2015-12-04T00:00:00Z\",\n \"last_login\": \"2017-08-11T17:37:46.432Z\",\n \"reset_password_code\": null,\n \"is_super_user\": false,\n \"declared_usage\": \"DEM\",\n \"role\": \"account_user\",\n \"account_level\": \"custom\",\n \"email\": \"<email>\",\n \"registration_status\": \"registered\"\n }", "language": "json" } ] } [/block]      ###New “validate token” response example [block:code] { "codes": [ { "code": "{\n “id”: “<user_id>”,\n “email”: “<email>”,\n “account_id”: “<account_id>”,\n “account_level”: “<account_level>”,\n “roles”: [\n “<role>”,\n ]\n}", "language": "json" } ] } [/block] ###Properties added to the "validate token" response These properties have been added to the "validate token" response to align with Auth0 best practices. Property | Description --- | --- id | This is the user ID. roles | This property is used to identify the role of the user. For example, "super_admin" or ###Properties removed from the "validate token" response The following properties have been removed from the “validate token” response”. "is_deleted" "name" "reset_password_code_expires" "country_of_operation" "company": "DigitalGlobe" "is_active" "last_viewed_terms_of_service_version_date" "last_login" "reset_password_code" "declared_usage" "registration_status" #GBDX Web Application Changes [block:callout] { "type": "info", "title": "This section is coming soon." } [/block] ##Web Sign-up Process Changes ##User Profile Page changes ##User Management Changes ##Account Management Changes