Hopara offers a single sign-on experience by implementing the client grant flow from OAuth 2.0.
In the client grant flow, after the user has been successfully authenticated in your product, your back-end requests an access token from Hopara using a shared secret. The request describes what permissions the token holder will have.
Forward this token to the front-end integration, which uses it in all requests to Hopara during that browser session. The token has a TTL of 7 days and can be persisted in the browser's local storage.
For details on how to generate a token, please refer to the auth service section.
When generating a token, you can send the profile parameter to limit what the user can do and see. Hopara supports the following profiles:
| Profile | Permissions |
| --- | --- |
| profile:admin | Manage users |
| profile:data | Create new datasources and queries |
| profile:studio | Create new visualizations and customize them |
| profile:scene-builder | Manage assets and rooms (e.g. move and place assets) |
| profile:visualization | View only |
Profiles higher in the table inherit the permissions of the profiles below them (e.g. the studio profile inherits the scene-builder and visualization permissions).
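The inheritance rule lets your back-end pick the lowest profile that still covers what a user needs before it requests the token. The following is an added example, not Hopara's code: the profile names come from the table, while the capability keys and function names are assumptions made for illustration.

```python
# Added example. Profile names are from the table above; the capability
# keys (right-hand strings) and both function names are assumed labels.
PROFILES = [  # ordered from most to least privileged, as in the table
    ("profile:admin", "manage_users"),
    ("profile:data", "create_datasources_and_queries"),
    ("profile:studio", "create_and_customize_visualizations"),
    ("profile:scene-builder", "manage_assets_and_rooms"),
    ("profile:visualization", "view"),
]


def effective_permissions(profile):
    """Return the capabilities a profile holds, including inherited ones."""
    names = [name for name, _ in PROFILES]
    if profile not in names:
        raise ValueError(f"unknown profile: {profile!r}")
    # A profile inherits from every profile listed below it.
    return {cap for _, cap in PROFILES[names.index(profile):]}


def least_privileged_profile(required):
    """Return the lowest profile whose permissions cover `required`.

    Fails closed: an unrecognised capability raises instead of silently
    mapping to a broader profile.
    """
    required = set(required)
    unknown = required - {cap for _, cap in PROFILES}
    if unknown:
        raise ValueError(f"unknown capabilities: {sorted(unknown)}")
    # Walk upward from view-only and stop at the first profile that suffices.
    for name, _ in reversed(PROFILES):
        if required <= effective_permissions(name):
            return name
    raise AssertionError("unreachable: the top profile holds every capability")


if __name__ == "__main__":
    # Constructed sample: a user who only rearranges assets in a room.
    print(least_privileged_profile({"view", "manage_assets_and_rooms"}))
```

The returned string is the value to send as the profile parameter; the token request itself is described in the auth service section.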