Introduction to built-in authentication

The PowerServer Web APIs can include a built-in authentication server that authenticates the installable cloud apps. You select which of the following authentication servers is built into the PowerServer Web APIs. Because the authentication server is built into the PowerServer Web APIs, it shares the same root URL as the PowerServer Web APIs and starts automatically whenever the PowerServer Web APIs runs.

  • Use built-in JWT server: Includes a built-in authentication server that supports JWT or bearer tokens. See Using JWT for more information.

  • Use built-in AWS Cognito server: Includes a built-in authentication server that works with the Amazon Cognito user pool. See Using Amazon Cognito for more information.

  • Use Azure Active Directory service: Includes templates for working with Azure AD or Azure AD B2C. See Using Azure Active Directory service for more information.

  • Use other authentication servers: Includes templates that can be extended to support other identity providers that work with the OAuth flows or JWT, such as Okta OIDC (OpenID Connect). See Using other authentication servers for more information.


The authentication flow is as follows:

1. The client sends the user name and password (from the INI file or the login window) to the authentication server. Because the password travels in the request body, the connection must use HTTPS, and a password stored in the INI file is readable by anyone with access to the file, so prompting for it in the login window is the safer of the two options.

2. The authentication server validates the user (against the DefaultUserStore.cs file, the authentication database, or the LDAP server); if validation succeeds, it authorizes the user and returns a token to the client.

3. The client sends a request that includes the token to the PowerServer Web APIs.

4&5. The PowerServer Web APIs validates the token with the authentication server.

6&7&8. If the token is valid, the PowerServer Web APIs gets the data from the database and sends it to the client.

The following tokens are supported:

  • JSON Web Token (JWT) (recommended)

  • Bearer token

For OAuth 2.0, the following authorization flows are recommended:

  • Client Credentials

  • Resource Owner Password

The PowerBuilder client application implements the authentication process (obtaining a valid token, accessing data with the token, and so on) using the PowerBuilder objects RestClient, OAuthClient, JsonParser, TokenRequest and TokenResponse, together with the Application.SetHttpRequestHeader function. See the code examples in the following sections for details. The client then calls the Application.BeginSession function to create the user session manually (instead of automatically) so that the token is included in the session. See the "Start the session manually" section for more details.
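The client side of the numbered flow above (steps 1 to 3, followed by the manual session start) as one added PowerScript example. This code was written for this page and is not the page's own code or Appeon's; the token endpoint path, client id, client secret, scope and the login window fields sle_user and sle_password are placeholders chosen for illustration.

```powerscript
// Added example, not from the original page: Resource Owner Password flow against the
// built-in JWT server, then a manual session that carries the returned token.
// Placeholders (assumptions): token endpoint path, client id/secret, scope, sle_user, sle_password.
integer       li_rc
string        ls_token, ls_tokentype
OAuthClient   loac_client
TokenRequest  ltr_request
TokenResponse ltr_response

// Step 1: build the token request from the credentials typed into the login window.
// The password goes in the request body, so the token URL must be HTTPS.
ltr_request.tokenlocation = "https://powerserver.example.com/connect/token"  // same root URL as the Web APIs (placeholder)
ltr_request.method        = "POST"
ltr_request.granttype     = "password"       // "client_credentials" (and no username/password) for the Client Credentials flow
ltr_request.clientid      = "client.pb"      // placeholder
ltr_request.clientsecret  = "client-secret"  // placeholder
ltr_request.scope         = "scope.pb"       // placeholder
ltr_request.username      = sle_user.text
ltr_request.password      = sle_password.text

// Step 2: the authentication server validates the user and returns a token.
loac_client = create OAuthClient
li_rc = loac_client.AccessToken(ltr_request, ltr_response)
if li_rc <> 1 or ltr_response.GetStatusCode() <> 200 then
    // Do not echo the credentials; the status code and body are enough to diagnose the failure.
    MessageBox("Login failed", "HTTP " + String(ltr_response.GetStatusCode()) + ": " + ltr_response.GetBody())
    destroy loac_client
    return
end if
ls_token     = ltr_response.GetAccessToken()
ls_tokentype = ltr_response.GetTokenType()   // normally "Bearer"
destroy loac_client

// Step 3: every request to the PowerServer Web APIs must carry the token in the
// Authorization header. The third argument (true) replaces a header of the same name
// if one was set earlier, so a stale token from a previous login cannot linger.
GetApplication().SetHttpRequestHeader("Authorization", ls_tokentype + " " + ls_token, true)

// Start the session manually so that the session request already includes the header.
// BeginSession returns 0 on success; any other value is an error code.
li_rc = GetApplication().BeginSession()
if li_rc <> 0 then
    MessageBox("Session", "BeginSession failed with code " + String(li_rc))
    return
end if
// From here on, DataWindow retrieves go through the PowerServer Web APIs with the token attached.
```

Call this from the login window before the first retrieve. The token returned by the built-in JWT server expires, so a production client should also keep the value of ltr_response.GetExpiresIn() and repeat the AccessToken call (or prompt for login again) before the token lapses, rather than retrying failed retrieves blindly.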