Authentication

Authenticate Your Application User to Smarter AI Camera Platform

In this section, we will describe how your application user will get authenticated in the Smarter AI Camera Platform.

Supported Authentication Methods

The Smarter AI Camera Platform uses social login to authenticate a user in its platform.
Right now we support social login from the Google and Microsoft providers.

The Platform Library for Authentication

📘

Android

Use Access library through Access.java to perform your authentication in the Smarter AI Camera Platform.

📘

iOS

Use Access library through Access.h to perform your authentication in the Smarter AI Camera Platform.

Understanding The Authentication Process

Many 3rd party service offers social login with their platform which is an easier and popular way to authenticate a user in the application.

By supporting social login from 3rd party providers, Smarter AI has simplified to process of authentication as depicted below.

Authentication Flow in Brief

1. User inputs social account credentials through the application's integrated social login

2. Social login gives an authentication token upon successful login along with some account information

3. App prepares provisioning info, including the authentication token and additional info taken from user or the social account

4. App invokes Access library for provisioning with the provisioning info

5. Access library communicates with Smarter AI server for provisioning

6. Smarter AI server verifies social login with the authentication token provided in the provisioning info

7. Server replies to Access library about success or fail

8. Access library gives callback into application layer about success or fail

Depicted Authentication Flow

Step by Step Authentication

Step 1 : Endpoint Name

Take an endpoint name as input from user. This endpoint name can be any String.

Endpoint name is used to identify different endpoints of a user. Lets clarify with an example :

• A user has 2 mobile device where he logs in with same social account.

• The user ID will be same but our system will assign 2 different endpoint Ids for these 2 devices. In the case the user requests a stream with a particular device, the endpoint ID determines which device to stream with.

• For the user's convenience, we have given the user the provision of giving an endpoint a name.

• For example a user can give name like : OnePlus7 Home, iPhoneX Work, etc.

• We have the provision to see/remove other logged in devices, whereas users can see his/her other devices with that endpoint name. This functionality is described in the section Controlling your Cameras and Devices.

• The given endpoint name is also available in Smarter AI Dashboard for precise identification of the user device.

Step 2 : Tenant ID

You can integrate the given tenant id in your application or make user provide it ins some secure way.

Suggestions
We suggest the following for the tenant ID

• First, we suggest to securely hide that in your app. Not to take input from user.

• Alternatively, you can take a secret from user and use that to map your tenant ID.

• Tenant ID is a key information to communicate with our API. So, very strict measures should be taken to make sure of its safety.

• If you take the tenant ID as input, we suggest you to verify that the input matches with your expectations.

Step 3 : Social Login

First you need to integrate one of our supported social login in your application.

• Google
• Microsoft

To integrate Google login in your application, follow this guide

And for Microsoft login follow this guide

After you integrate a social login, let users perform the social login which will return a social account.

We need at least 2 information from the social account for provisioning:

1. Authentication token
2. Unique user name

Getting token and user name from social sign in

After a successful social sign in, you will have the social account instance in your application.
The accounts will include a token and user name for that account.

Use that token as the Authentication token and the user name associated with the account as the Unique user name for provisioning.

Step 4 : Provisioning

Provisioning is the process of authenticating a user into the Smarter AI Camera platform.

Smarter AI libraries provide 2 kinds of provisioning:

1. Field Provisioning
   The first time user authenticates in the Smarter AI camera platform.

2. Factory Provisioning
   User is already authenticated in the Smarter AI camera platform.
   He is entering the app again. At this moment, the factory provisioning is done to ensure the case
   when the user is removed/banned from the Smarter AI Dashboard.

Field Provisioning

For doing field provisioning, you need the following info:

1. Unique user name
   Collected from social login
2. Authentication token
   Collected from social login
3. Social login provider
   Find the provider from this chart
4. Domain
   Use the string TENANT as domain
5. Tenant Id
   Provided by Smarter AI. See here for details
6. EndPoint name
   Collected from user input
7. Device unique identifier
   A unique identifier for the device. For example - MAC address etc.

Social login provider

Doing the Field Provisioning

Before you proceed, make sure you have read this section to have a good understanding of the AccessRets

📘

Android

1. Call the fieldProvisionApp() method from Access class with the required parameters.
   See the example code below

Java

Access.AccessRet fieldProvisionAppResult = AnyConnectApi.get().getAccess()
    .fieldProvisionApp(uniqueUserName,
        authenticationToken,
        socialLoginProvider,
        domain,
        tenantId,
        endPointName,
        deviceUniqueIdentifier
    );

1. Call the fieldProvisionApp() method from Access class with the required > parameters.
   See the example code below

Java

Access.AccessRet fieldProvisionAppResult = AnyConnectApi.get().getAccess()
    .fieldProvisionApp(uniqueUserName,
        authenticationToken,
        socialLoginProvider,
        domain,
        tenantId,
        endPointName,
        deviceUniqueIdentifier
    );

2. If the fieldProvisionAppResult is OK, then call build() method of Access class.
   See the example code below

Java

if (fieldProvisionAppResult == Access.AccessRet.OK) {
    Access.AccessRet buildResult =  AnyConnectApi.get().getAccess().build();
    // If the `buildResult` is `OK`, then the provisioning is successful
        if (buildResult == Access.AccessRet.OK) {
        // The provisioning is successful. Let the user enter the app
    } else {
        // The provisioning is unsuccessful.
    }
} else {
    // The provisioning is being done with wrong parameters
}

📘

iOS

1. Call the fieldProvisionApp() method of AccessBuilder class with the required parameters.
   See the example code below. Considering you have read the initialization of builder instance for iOS.

Objective-c

AccessRet fieldProvisionAppResult = builder->
    fieldProvisionApp(uniqueUserName,
        authenticationToken,
        socialLoginProvider,
        domain,
        tenantId,
        endPointName ,
        deviceUniqueIdentifier
    );

2. If the fieldProvisionAppResult is OK, then call build() method of AccessBuilder class.
   See the example code below

Objective-c

if (fieldProvisionAppResult == OK) {
    AccessRet buildResult =  builder->build();
    // If the `buildResult` is `OK`, then the provisioning is successful
        if (buildResult == OK) {
        // The provisioning is successful. Let the user enter the app
    } else {
        // The provisioning is unsuccessful.
    }
} else {
    // The provisioning is being done with wrong parameters
}

In any case the method calling return value is not OK, we recommend to refer to this section for a better understanding.

Factory Provisioning

For doing factory provisioning, you need the following info

1. Endpoint ID
   This is the ID given to the application as an endpoint
2. Endpoint Secret
   This is a token given after successful Field Provisioning as a security token for communicating with the platform.

Doing the Factory Provisioning

Again, before you proceed, make sure you have read this section to have a good understanding of AccessRet

📘

Android

1. Get the endPointId and endPointSecret from the Access library

Java

String endPointId = AnyConnectApi.get().getAccess().getEndpointId();
String endPointSecret = AnyConnectApi.get().getAccess().getEndpointSecret();

2. Call the factoryProvisionEndpoint() method from Access class with the required parameters. See the example code below

Java

Access.AccessRet factoryProvisioningResult = AnyConnectApi.get().getAccess()
                .factoryProvisionEndpoint(endPointId,endPointSecret);

3. If the factoryProvisioningResult is OK, then call build() method of Access class.
   See the example code below

Java

if (factoryProvisioningResult == Access.AccessRet.OK) {
    Access.AccessRet buildResult =  AnyConnectApi.get().getAccess().build();
    // If the `buildResult` is `OK`, then the provisioning is successful
        if (buildResult == Access.AccessRet.OK) {
        // The provisioning is successful. Let the user enter the app
    } else {
        // The provisioning is unsuccessful.
    }
} else {
    // The provisioning is being done with wrong parameters
}

📘

iOS

1. Call the factoryProvisionEndpoint() method of AcceAccessBuilder class with the required parameters. See the example code below

Objective-c

    AccessRet factoryProvisioningResult = builder->factoryProvisionEndpoint(endpointID, secret);

2. If the factoryProvisioningResult is OK, then call build() method of AccessBuilder class.
   See the example code below

Objective-c

if (factoryProvisioningResult == OK) {
    AccessRet buildResult =  builder->build();
    // If the `buildResult` is `OK`, then the provisioning is successful
        if(buildResult == OK) {
        // The provisioning is successful. Let the user enter the app
    } else {
        // The provisioning is unsuccessful.
    }
} else {
    // The provisioning is being done with wrong parameters
}

In any case the method calling return value is not OK, we recommend to refer to this section for a better understanding.