AccessProvider is a native collection of user-defined access providers. Access provider documents are used for external authentication that involves an identity provider (IdP).

An access provider document configures half of the relationship required to authenticate with an IdP. The other half of the relationship is configured in the IdP. Authorization to resources is supported by the Fauna Role collection.

Unlike user-defined collections, the document structure for the AccessProvider collection is Fauna-defined and immutable. Provider documents are accessed by their name parameter, which makes this collection a part of the subset of native collections known as named collections.

See the AccessProvider document definition

Authentication with an IdP

An IdP offers the following services and capabilities:

  • creates, maintains, and manages identity information

  • creates, maintains, and manages permissions for each identity

  • offers authentication services where its identities, or those from other identity providers can be authenticated.

When you use IdP authentication with Fauna, the identities and their credentials are stored in the IdP. The IdP authenticates identities against their credentials, and, on success, the IdP generates a JSON Web Token (JWT).

The JWT is a password-equivalent for a Fauna client. Fauna supports only the RS256, RS384, and RS512 encryption algorithms and doesn’t accept JWTs encrypted with another algorithm.

An IdP-unique AccessProvider configuration in the Fauna database is required to support a JWT. After an AccessProvider document and a JWT exist for an identity, the JWT is used instead of a Fauna Token or Key to authorize the execution of queries.

Static methods

Method Description

Get the set of all access providers.

Get an access provider by its name.

Create an access provider.

Get the first provider matching a predicate function.

Get providers matching a predicate function.

Instance methods

Method Description

Delete an access provider.

Tests if an access provider exists.

Replace an access provider.

Update an access provider.

Is this article helpful? 

Tell Fauna how the article can be improved:
Visit Fauna's forums or email

Thank you for your feedback!