- The end user (REST client) is authenticated using the REST Auth API (Loginapp).
- After successful authentication, IAM issues a JWT to the REST client.
- The JWT can be used on 3rd party systems that are not connected to IAM
- JWTs in requests sent to Airlock Gateway are authenticated by inspecting the JWT. This involves IAM's one-shot interface.
- The example uses username/password authentication (no second factor).