Authentication and Authorization

Before you can use the Data Inspector Library, as well as run the embedded example applications, you need to obtain platform and repository credentials from the HERE Platform Portal.

Platform Credentials

The local Data Inspector application needs these credentials to authenticate with the Platform and access data in catalogs and layers.

Platform credentials are the here.access.key.id and here.access.key.secret from the credentials.properties file downloaded from the Platform Portal.

For more information, see the Get Credentials chapter of the Teams and Permissions User Guide.

Repository Credentials

You need these credentials to access the HERE Artifactory Repository that serves Data Inspector Library projects from a private npm registry.

Repository credentials are stored in a Maven settings.xml file generated and downloaded from the Platform Portal. The username and password tags in this file contain your credentials to the HERE Artifactory Repository.

For more information, see the Get Credentials chapter of the Teams and Permissions User Guide.

Basic Authentication Flow

A basic OLP authentication flow looks like below:

  1. The client app creates a signed request with here.access.key.id and here.access.key.secret.
  2. The client app sends a request to the HERE Account.
  3. The HERE Account responds with a JWT token for valid credentials.
  4. All client app requests are signed by the JWT token.
  5. The Data Service authorizes access with the JWT token.

To avoid entering credentials on each app launch, you can use an alternative flow. For protected servers with other means of authentication, such as an intranet login, a token can be returned to a client app.

Use Platform Credentials

Enter your platform credentials into the Authentication form in the local Data Inspector window (for example, when running Data Inspector Library example applications):

Data Inspector Authentication Form
Figure 1. Data Inspector Authentication Form

First, you must enter the values of the here.access.key.id and here.access.key.secret properties into the Authentication form. You can get these details from your personal credentials.properties file. With this method, the web app automatically generates an access token for you. Once the token has expired, the web app automatically requests a new one.

Then, if you want your app to access catalog data from within a specific project, you'll need the HERE Resource Name (HRN) of that project. Projects are used to track the usage (transfer, storage, compute) of catalogs that are on the credit-usage report. You can get the project HRN you need by going to the Project Manager in the OLP Portal.

Note that to work with catalogs and layers, your application needs access permissions that are granted by catalog owners. For more information, see the Teams and Permissions User Guide.

Auto Connect

This feature is available for both authentication modes. It allows you to persist the connection to the OLP Data Service.

Once you establish a connection and toggle this switch on, the web app automatically reconnects whenever you refresh your browser window. The web app reuses the credentials of the first successful connection.

Please note that auto connect is disabled after you end your session by closing the tab in your browser.

Use Local Authentication File

This method uses an access key ID and access key secret, but you store them in a config.json file. Using this method, you do not have to enter the details into the Authentication form.

You will find an example of this file called config.json.example in the root directory of the web app. Save a copy of this file as config.json, remove the commented header, and replace the placeholder values with your credentials.

To use this option, select the Use local file option. Fields for entering your access key and secret hide, and the application switches to the local config.json file.

Note: Do not share your local authentication file

This method of authentication should be used for local development only. If you plan to host the application somewhere, or share access to your web app with other users, be sure to remove the config.json file from the web application folder. Otherwise, your access credentials will be visible to anyone who has access to the web app.

results matching ""

    No results matching ""