Overview
Intro
Content Hub Auth is an OpenID Connect and Oauth2 implementation used to authenticate and authorize users and clients to access Content Hub services. The service supports both internal to Maxar and external end-user identities, as well as the ability to create client credentials in a self-serve fashion for machine to machine requests.
Supported Services
Content Hub Auth access tokens can be used to access the following services:
Definitions
| Term | Definition |
|---|---|
| Acount | Accounts can have many users and clients, and they specify permissions for their respective members. |
| User | All users belong to an account. Users can authenticate with a unique username and password in order to provision an access token |
| Client | All clients belong to an account and must be created by a user with the necessary permissions. Clients are intended to be used by applications to programatically provision access tokens for machine to machine requests. |
| Access Token | An Oauth2 Bearer token that contains the necessary info to authenticate and authorize the user or client that provisioned it. |
| Scopes | Scopes are defined at the account level and contained within an access token. They are used to determine what level of access a user or client has against a service. |
Getting Started
Your Account
In order to provision an access token with Content Hub Auth you will first need to have an account that your exisiting or new user identity can be tied to.
For Maxar employees
Upon registration with Content Hub Auth, Maxar employees are always associated to the maxar_internal account. So no need to request a new account. Skip to User Registration.
If your organization is a first time user of Content Hub Auth, please reach out to your Maxar point of contact to request a new account. If your organization already has an account proceed to User Registration.
User Registration
When an account is established at least one user under that account will be granted an account admin role. Any user with that account admin role can register new users.
Contact your account's account admin in order to get registered.
If you are an account admin refer to the user administration docs to register a user identity to your account.
For Maxar employees
All Maxar employees are created with the account admin role designation. So any existing user can add new users to the maxar_internal account or create a set of client credentials for a respective app. If none of your team members are existing users email: content-auth-support@maxar.com to have your Okta identity registered as a Content Hub user.