Personetics uses secure authentication tokens for single sign-on with bank systems. The key role of the authentication token is to securely identify the end user on whose behalf the command is issued.

The following authentication options are available:

  • Clear text – The user ID is provided as a clear-text HTTP header. This is the simplest form of authentication and is often used in early development stages. Note that when encrypted communication is used (such as mutual SSL encryption), this approach poses no security risks. This option is enabled by default.
  • JSON Web Tokens (JWT) – User information is provided as signed JSON objects according to the JWT standard. Personetics servers must be configured with a shared secret and the name of the user ID field in order to use this authentication option.
  • Custom – User information is provided according to a custom schema defined by the bank. In many cases this involves custom encryption using shared secrets and keys. Using this option requires custom configuration of Personetics servers so that they can extract user information from the custom token.