Guest Configuration
Guest Configuration enables guest user authentication for applications that need to allow unauthenticated or temporary access.
Table name: guest_config
| Field | Type | Description |
|---|---|---|
| tenant_id | CHAR(10) | Tenant identifier (Primary Key) |
| is_encrypted | BOOLEAN | Whether the secret key is encrypted (default: true) |
| secret_key | VARCHAR(16) | Secret key for guest authentication |
| allowed_scopes | JSON | Array of scope names allowed for guest users (default: empty array) |
Prerequisites
Section titled “Prerequisites”- Tenant Configuration - A tenant must be created first
- Client Configuration - Required for all flows
- Token Configuration - Required for all flows
Encryption Details
Section titled “Encryption Details”When is_encrypted is set to true, guest identifiers must be encrypted using the following parameters:
| Parameter | Value |
|---|---|
| Algorithm | AES (Advanced Encryption Standard) with CBC mode |
| Key | Shared secret key from secret_key field |
| IV | Zero initialization vector (16 bytes of zeros) |
| Encoding | Base64 for encrypted identifier |
| Padding | No padding (encrypted data must be block-aligned) |
Related Configurations
Section titled “Related Configurations”Guest authentication uses the basic mandatory configurations: