Skip to main content

Built-In Authentication

Important

Built-in authentication is a default type of authentication. We advise using it for a quick or local application launch in dev or testing mode. For production, we recommend using SSO authentication type.

Authentication Flow

When user enters login and password on the Login page, TimeBase Web Admin front-end takes these credentials and sends them to the back-end. Back-end returns access and refresh tokens. Back-end validates access token for each request to the server and renews it with the refresh token to extend its life.

Configuration

Built-In authentication is enabled by default in the configuration of the application. You can use it as is without any changes.

info

Refer to Configuration to view an example of the full default config file.

We recommend configuring just these parameters and leaving unchanged all other default configurations for a built-in authentication. Refer to Configuration to learn how to add or override the default configuration. 

# an extract form the main config
security:
  oauth2:
    provider:
      providerType: BUILT_IN_OAUTH # valid values: EXTERNAL_OAUTH, BUILT_IN_OAUTH, SSO
    accessTokenValiditySeconds: 300 # 5 min
    refreshTokenValiditySeconds: 86400 # one day
...
ParameterDescription
providerTypeSet to BUILT_IN_OAUTH to enable this authentication type.
accessTokenValiditySecondsDefine a time period in seconds for access token to be valid.
refreshTokenValiditySecondsDefine a time period in seconds for refresh token to be valid.

Configuration of Users

You can also add users and define their permissions in the users section of the application.yaml config or in a JSON file. 

# an extract form the main config with an example of defining permissions for users
security:
  oauth2:
    users:
      - username: <username>
        password: <BCrypt_encoded_password>
        authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
      - username: <username>
        password: <BCrypt_encoded_password>
        authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
...

Supported permissions:

  • TB_ALLOW_READ - user can select, view, get data stored in TimeBase streams.
  • TB_ALLOW_WRITE - user can write, modify, delete data stored in TimeBase streams.
  • GRAFANA - permission allowing Grafana plugin to query data from TimeBase. 
# an extract from config with user configurations
security:
  oauth2:
    provider:
      providerType: BUILT_IN_OAUTH # valid values: EXTERNAL_OAUTH, BUILT_IN_OAUTH, SSO
    users:
      - username: <username>
        password: <BCrypt_encoded_password>
        authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
      - username: <username>
        password: <BCrypt_encoded_password>
        authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
    accessTokenValiditySeconds: 300 # 5 min
    refreshTokenValiditySeconds: 86400 # one day
...