Globus Auth is a foundational identity and access management (IAM) platform service, used for brokering authentication and authorization interactions between end-users, identity providers, resource servers (services), and clients (including web, mobile, desktop, and command line applications, and other services).
The goal of Globus Auth is to enable an extensible, integrated ecosystem of services and clients for the research and education community. A typical research/education end-user has many identities, issued by different identity providers (e.g., universities, national laboratories, software-as-a-service (SaaS) web applications, commercial services). This end-user uses various application clients (e.g., web, mobile, desktop, command line). These clients leverage a variety of web/cloud services, from many providers, and these services even leverage each other. Globus Auth provides the security glue to allow end-users to easily access this ecosystem of clients and services. It also makes it possible for an extensible set of identity, client, and service providers to participate in this ecosystem and to leverage each other’s capabilities while providing end-users with a consistent user experience.
Globus Auth is compliant with the OAuth2 and OpenID Connect standards, but extends them to support use cases that are beyond the scope of those standards. Compliant OAuth2 and OpenID Connect clients should work with Globus Auth with little or no changes.