AccessProvider is a native collection of user-defined access providers. Access provider documents are used for external authentication that involves an identity provider (IdP).

An access provider document configures half of the relationship required to authenticate with an IdP. The other half of the relationship is configured in the IdP. Authorization to resources is supported by the Fauna Role collection.

Unlike user-defined collections, the document structure for the AccessProvider collection is Fauna-defined and immutable. Provider documents are accessed by their name parameter, which makes this collection a part of the subset of native collections known as named collections.

An IdP offers the following services and capabilities:

When you use IdP authentication with Fauna, the identities and their credentials are stored in the IdP. The IdP authenticates identities against their credentials, and, on success, the IdP generates a JSON Web Token (JWT).

The JWT is a password-equivalent for a Fauna client. Fauna supports only the RS256, RS384, and RS512 encryption algorithms and doesn’t accept JWTs encrypted with another algorithm.

An IdP-unique AccessProvider configuration in the Fauna database is required to support a JWT. After an AccessProvider document and a JWT exist for an identity, the JWT is used instead of a Fauna Token or Key to authorize the execution of queries.