LUIS

Overview

Access to the Livestock Unique Identification Service (LUIS) application is controlled by the Azure B2C authentication service that requires users to provide user credentials in order to order or cancel tags for Livestock.

This service uses a client credential authentication, using secure and well proven technology with a large body of reference implementations. All major software development toolsets, languages and frameworks are supported, with wide availability of sample code and supporting documentation.

Below is an overview of the procedures that third party developers and the client application they develop will follow in order to consume LIS API:

  • Register an application and Subscribe to use the LUIS service under the my Apps & Data page and make a note of all credentials
  • Obtain a test user account and test data to use the LUIS Sandbox service (LI will contact you with this)
  • Develop application flows to:
    1. Get Access token using Client Credentials
    2. Use the access token to access LUIS API

Client application

The ETM applications that run on servers (web apps, web API apps, or even service/daemon apps). They're considered capable of keeping configuration data and application information secret because it is difficult for casual users to gain access either due to physical location or build-in software defence mechanisms. A web app is the most common type of confidential client.

Each ETM is provided with a distinct configuration (which includes the client ID and client secret). The client ID and client secret are used only to get access token.

The client credential flow for this type of application is shown in the diagram below

Client credential flow diagram

Authentication process flows

Both application types follow similar high-level patterns when authenticating:

  • The ETM application should make a call to B2C to for an access token
  • The application receives access token from the authentication service
  • The application uses the access token and the LUIS API subscription key to access protected information or a protected resource hosted by the LIS service
  • The LUIS service validates the access token and subscription key to verify that access can be granted

The diagram below summarises this flow:

Authentication process flow diagram

The client application calls the Oauth2/v2.0/token url of B2C with the following fields

B2C token request fields

The client id, client secret and scope will be provided which has to be sent to the B2C url to generate access token.

Once the client application has received an access token from the B2C, it uses this together with the subscription key to access the secure services exposed by the Livestock Information Service.

The technical detail of the implementation is beyond the scope of this document. Implementation patterns and specific details will vary according to which programming languages, code libraries and applications frameworks are used to develop the client application.

Microsoft B2C Documentation

Full documentation detailing the application flows, together with code samples for a variety of development technologies and frameworks is available on the Microsoft Azure B2C Documentation web site. This location also provides information about how the specific implementation details required depending on whether you are developing a public or a confidential client application.

Sample Code on Livestock Github Channel

Sample code illustrating authentication with Livestock Identity platform in a web application is available via our github repository.