Token-Based Authentication Flow

The following steps describe the NPB application's token-based authentication process.

  1. The client requests an access token from AuthService, using the Authenticate() API method (from AuthClient) to pass user credentials.
  2. AuthService issues the token in response, using the following process:
    1. User credentials are validated with the AAA login mechanism configured on the device.
    2. A JSON Web Token (JWT) is generated whose claims include the user's role, the expiry time, and other relevant information.
    3. AuthService signs the token with its private key and returns it as the response to the Authenticate() API call.
  3. The client stores the returned token and sends it with every gNMI/gNOI request, placing the token type and the token credential in the Authorization header.
  4. AuthService validates the token by performing the following steps:
    1. Validates the signature with the public key from the cert store; the claims are not trusted until this check passes.
    2. Validates the claims (expiry check, role validation, and any others).
    3. Checks whether the role in the token has permission to access the requested resource.
  5. If any check in step 4 fails, the request is rejected and an error message is returned in place of the normal response.
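The whole flow above, carried through in code, as an added example written for this page and not code from the NPB application or its AuthService. It assumes an EdDSA (Ed25519) JWT, the claim names sub/role/exp, the Authorization header form "Bearer <token>", and a constructed user table and RBAC table standing in for the device AAA mechanism and the role permissions; none of these details are given on the page. Beyond the listed steps it shows two checks a verifier should not skip: the signing algorithm is pinned on the server side rather than read from the token header (so alg=none or a key-type switch is rejected), and the payload is only parsed after the signature has been verified with the public key.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Claims in the token; the names are assumptions (the page only lists role and expiry).
type Claims struct {
	Sub  string `json:"sub"`  // authenticated user
	Role string `json:"role"` // role checked against the requested resource
	Exp  int64  `json:"exp"`  // expiry, Unix seconds
}

// Constructed stand-ins for the device AAA user store and the RBAC table.
var users = map[string]struct{ password, role string }{"bob": {"bob-pw", "operator"}}
var rolePermissions = map[string]map[string]bool{
	"admin":    {"gnmi.Get": true, "gnmi.Set": true, "gnoi.Reboot": true},
	"operator": {"gnmi.Get": true},
}

var ErrBadCredentials = errors.New("invalid credentials")
var ErrBadToken = errors.New("invalid token")
var ErrExpired = errors.New("token expired")
var ErrForbidden = errors.New("role not permitted for resource")

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// newKeyPair creates the AuthService signing key; the cert store holds the public half.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// authenticate models Authenticate(): step 2.1 (AAA stand-in), then 2.2 and 2.3 (build, sign).
func authenticate(priv ed25519.PrivateKey, user, password string, ttl time.Duration, now time.Time) (string, error) {
	u, ok := users[user]
	if !ok || subtle.ConstantTimeCompare([]byte(u.password), []byte(password)) != 1 {
		return "", ErrBadCredentials
	}
	header, _ := json.Marshal(map[string]string{"alg": "EdDSA", "typ": "JWT"}) // alg is an assumption
	payload, err := json.Marshal(Claims{Sub: user, Role: u.role, Exp: now.Add(ttl).Unix()})
	if err != nil {
		return "", err
	}
	signingInput := b64url(header) + "." + b64url(payload)
	return signingInput + "." + b64url(ed25519.Sign(priv, []byte(signingInput))), nil
}

// verifyToken performs step 4.1 (signature against the public key), then 4.2 (claims).
func verifyToken(pub ed25519.PublicKey, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, ErrBadToken
	}
	// Pin the algorithm: the token header must not pick the verifier (rejects alg=none).
	rawHeader, err := base64.RawURLEncoding.DecodeString(parts[0])
	var hdr struct{ Alg string `json:"alg"` }
	if err != nil || json.Unmarshal(rawHeader, &hdr) != nil || hdr.Alg != "EdDSA" {
		return nil, ErrBadToken
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, ErrBadToken
	}
	rawPayload, err := base64.RawURLEncoding.DecodeString(parts[1]) // trusted only after 4.1
	var c Claims
	if err != nil || json.Unmarshal(rawPayload, &c) != nil {
		return nil, ErrBadToken
	}
	if now.Unix() >= c.Exp {
		return nil, ErrExpired
	}
	if _, known := rolePermissions[c.Role]; !known { // role validation
		return nil, ErrBadToken
	}
	return &c, nil
}

// handleRequest covers steps 3 to 5: parse the (assumed) "Bearer <token>" header, verify, then check the role (4.3).
func handleRequest(pub ed25519.PublicKey, authHeader, resource string, now time.Time) (*Claims, error) {
	tokenType, cred, ok := strings.Cut(authHeader, " ")
	if !ok || !strings.EqualFold(tokenType, "Bearer") || cred == "" {
		return nil, ErrBadToken
	}
	c, err := verifyToken(pub, cred, now)
	if err != nil {
		return nil, err
	}
	if !rolePermissions[c.Role][resource] {
		return nil, ErrForbidden
	}
	return c, nil
}
```

Usage: call authenticate(priv, "bob", "bob-pw", time.Hour, time.Now()) to obtain a token, then handleRequest(pub, "Bearer "+token, "gnmi.Get", time.Now()) for each request; an operator token is accepted for gnmi.Get, rejected with ErrForbidden for gnmi.Set, and rejected with ErrExpired once the exp claim has passed. A payload edited to claim the admin role fails the signature check, so the forged role is never read.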