The Client API supports two types of authentication, HTTP Basic Authentication and OAuth. HTTP Basic Authentication is used for accessing on-premise repositories. OAuth is used for accessing Alfresco in the Cloud.
Internally, the Client API uses an AuthenticationProvider interface. There are two implementations of this interface, BasicAuthenticationProvider and OAuthAuthenticationProvider. An AuthenticationProvider is responsible for providing an HTTP request with the headers that need to be added to a request in order to identify and authorize the user.
The BasicAuthenticationProvider is constructed with a username and password and when requested provides the standard "Authorization" header.
This authentication provider is used for accessing on-premise servers.
The OAuthAuthenticationProvider is constructed with an API key, API secret, access token and refresh token. When requested, it provides the OAuth token using the following header:
Authorization: Bearer [your access code]
This authentication provider is used for accessing Alfresco in the Cloud. By default CloudSession uses OAuth.
An Alfresco application can use the OAuth 2.0 authorization code flow to authenticate itself with Alfresco Cloud and to allow users to authorize the application to access data on their behalf.
You first register your application on the Alfresco Developer site. You provide a callback URI (http://www.alfresco.com/mobile-auth-callback.html), and a scope ("public_api").
Registration will provide you with an API key and a Key Secret which are required by your application to authorize itself.
When a user runs your application, the application requests an authorization code from Alfresco using its API key, Key Secret, callback URI and scope. Alfresco will inform the user that your application wishes to access resources, and asks the user to grant or deny access.
If the user grants access, Alfresco returns an authorization code to the application. Your application then exchanges the authorization code for an access token. Your application can then call the Client API with the access token.
Example code demonstrating connection to on-premise repositories and Alfresco in the Cloud can be found in the SDK Samples application and HelloRepo application provided with the SDK.
A general OAuth sample can be found on Alfresco's Github site.