Implement third-party authentication
Authentication using Auth0
This guide will describe how to set up user authentication using the third-party authentication service provider Auth0. Be aware that this only shows how to connect Appfarm to Auth0, and you need to set up an authentication provider from Auth0 yourselves.
Step 1
Go to https://auth0.com/ and create an account. Sign into Auth0.
Step 2
Go to Applications -> Applications and click the Create Application button. Give the application an appropriate name, select the option "Regular Web Applications" and click Create.
When the application is created, make sure to copy the value of Domain, Client ID, and Client Secret to your notepad, as we will need these later. Scroll down to Allowed Callback URLs and type in https://accounts.appfarm.io/v1/callback.
Click Save Changes.
Step 3
In Appfarm Create, go to Secrets and add a new secret. Give it a name, and paste the Client Secret you copied to your notepad into the Value input field. The Secret Type should be String.
Step 4
Go to Login Configs -> Custom Auth Providers and click the plus button to add a new Auth provider. Set the following options:
Name: Give the auth provider an appropriate name. E.g. "Auth0".
Provider: Set this to Auth0.
Client ID: Paste the Client ID you copied to your notepad.
Client Secret: Select the secret you created for the Client Secret.
Tenant ID: Paste the Domain you copied to your notepad.
Step 5
Go to Login Configs -> Login Config, and under Custom Auth add a new Auth Provider. Give it an appropriate name, and set the Provider to the Auth provider you created on Step 4.
Testing
Google login should be enabled by default, so you might test the authentication using your Google account.
Authentication using Criipto
This guide will describe how to set up user authentication using the third-party authentication service provider Criipto. Authentication with BankID will be used as an example, but a similar setup might be used to set up authentication with the other authentication services Criipto offers. Please note that Criipto is totally independent of Appfarm, and has its own pricing for its services.
Step 1
Go to https://criipto.com/ and create an account. Sign into Criipto Verify.
Step 2
Inside Criipto Verify, go to Applications and create a new application. Fill in/select the following options:
Name: Give the application an appropriate name
Callback URLs: Type https://accounts.appfarm.io/v1/callback
Select e-IDs: Select the provider you want, e.g. "NO BankID"
OpenID Connect: Enable OAuth2 Code Flow, and set User info response strategy to plainJson
Make sure to copy the value of Client ID/Realm and Available on domain to your notepad, as we will need these later.
Click the Save button. A dialog box will pop up with your client secret. Make sure to copy the secret to your clipboard, as this value will only be available once (it can only be re-generated). You should also
Step 3
In Appfarm Create, go to Secrets and add a new secret. Give it a name, and paste the Client Secret into the Value input field. The Secret Type should be String.
Step 4
Go to Login Configs -> Custom Auth Providers and click the plus button to add a new Auth provider. Set the following options:
Name: Give the auth provider an appropriate name. E.g. "Criipto BankID".
Provider: Set this to Custom.
Client ID: Paste the Client ID/Realm you copied to your notepad.
Client Secret: Select the secret you created for the Client Secret.
OpenID Discovery Endpoint: Paste the .well-known link of the connection you want. The syntax looks like this: https://yourdomain.criipto.id/BASE64(acr_values)/.well-known/openid-configuration. The link has two variables:
Domain name (yourdomain.criipto.id), which points to your Criipto application. It should be the Available on domain link you copied to your notepad
acr_values (BASE64(acr_values)), which defines which login you'd like to setup. It should be a BASE64 encoded string based on the acr_values required by Criipto for each login. For BankID, the string is dXJuOmdybjphdXRobjpubzpiYW5raWQ=.
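The discovery endpoint syntax above can be built and checked before it is pasted into Appfarm Create. The following is an added example, not code from Appfarm or Criipto: it builds the URL, decodes an existing URL back to its acr_values, and sanity-checks a discovery document. The function names, the `SAMPLE_DOC` contents and the rule that the issuer must be on the same host as the discovery domain are assumptions made for this example.

```python
import base64
import binascii
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Constructed sample of a discovery document (not fetched from Criipto).
SAMPLE_DOC = {
    "issuer": "https://yourdomain.criipto.id",
    "authorization_endpoint": "https://yourdomain.criipto.id/oauth2/authorize",
    "token_endpoint": "https://yourdomain.criipto.id/oauth2/token",
    "jwks_uri": "https://yourdomain.criipto.id/.well-known/jwks",
    "response_types_supported": ["code"],
}


def build_discovery_url(domain, acr_values):
    """Build https://<domain>/BASE64(acr_values)/.well-known/openid-configuration."""
    segment = base64.b64encode(acr_values.encode("ascii")).decode("ascii")
    return f"https://{domain}/{segment}{SUFFIX}"


def parse_discovery_url(url):
    """Return (domain, decoded acr_values); raise ValueError on a malformed URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("discovery endpoint must be an https URL")
    if not parts.path.endswith(SUFFIX):
        raise ValueError("path must end with " + SUFFIX)
    segment = parts.path[: -len(SUFFIX)].lstrip("/")
    try:
        acr = base64.b64decode(segment, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("acr_values segment is not valid Base64") from exc
    return parts.hostname, acr


def check_discovery_document(url, doc):
    """List problems found in a discovery document (empty list: none found)."""
    host, _ = parse_discovery_url(url)
    problems = []
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(doc.get(key, ""))).scheme != "https":
            problems.append(f"{key} is missing or not https")
    # Assumption for this example: the issuer lives on the discovery domain.
    if urlsplit(str(doc.get("issuer", ""))).hostname != host:
        problems.append("issuer host does not match the discovery domain")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not advertised")
    return problems
```

Decoding the BankID string given above with `parse_discovery_url` shows which login method a pasted link actually selects, which helps when a copied URL points at the wrong e-ID.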
Step 5
Go to Login Configs -> Login Config, and under Custom Auth add a new Auth Provider. Give it an appropriate name, and set the Provider to the Auth provider you created on Step 4.
Testing
To test the login, you may create a test-user by following this article from Criipto.
Authentication using Azure AD
This guide will describe how to set up user authentication using the third-party authentication service provider Azure AD.
Step 1
Go to the Azure portal and log in with your Microsoft account.
Step 2
Go to Azure Active Directory -> Add and click App registration. Give the application an appropriate name, select the option "Regular Web Applications" and click Create.
Name your application, set redirect URI to https://accounts.appfarm.io/v1/callback, and click Register.
In Azure AD, you explicitly need to define which claims should be sent in the Azure token. To define this:
Go to Token configuration and click Add optional claim
Add email (must be added, since it is required for Appfarm Users). It is also recommended to add family_name and given_name as optional claims to complete the Appfarm User object. See screenshot below.
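To confirm that the optional claims are actually being issued, the payload of an ID token captured during a test login can be inspected. The following is an added example, not code from Appfarm or Microsoft: the function names and the sample token are constructed for illustration, and the decoder only reads the payload for diagnostics without verifying the signature.

```python
import base64
import binascii
import json

REQUIRED = ("email",)                        # required for Appfarm Users
RECOMMENDED = ("family_name", "given_name")  # completes the Appfarm User object


def _b64url(data):
    """base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def token_claims(id_token):
    """Decode a JWT payload for inspection. Does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def missing_claims(id_token):
    """Report which required and recommended claims are absent or empty."""
    claims = token_claims(id_token)
    return {
        "required": [c for c in REQUIRED if not claims.get(c)],
        "recommended": [c for c in RECOMMENDED if not claims.get(c)],
    }


def make_sample_token(claims):
    """Constructed sample token with a placeholder (invalid) signature."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.c2ln"
```

An empty `required` list means the email claim reached the token; anything listed there points back to the Token configuration step.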
When the application is created and step 2 has been completed, make sure to copy the value of Directory (Tenant) ID, Client ID, and Client Secret to your notepad, as we will need these later.
Step 3
In Appfarm Create, go to Secrets and add a new secret. Give it a name, and paste the Client Secret you copied to your notepad into the Value input field. The Secret Type should be String.
Step 4
Go to Login Configs -> Custom Auth Providers and click the plus button to add a new Auth provider. Set the following options:
Name: Give the auth provider an appropriate name. E.g. "Azure AD".
Provider: Set this to Azure AD.
Client ID: Paste the Client ID you copied to your notepad.
Client Secret: Select the secret you created for the Client Secret.
Tenant ID: Paste the Directory (tenant) ID you copied to your notepad.
Step 5
Go to Login Configs -> Login Config, and under Custom Auth add a new Auth Provider. Give it an appropriate name, and set the Provider to the Auth provider you created on Step 4.
Testing
You can now test your authentication by using your Microsoft account.
Authentication using Azure AD B2C
Azure AD B2C is a separate service from Azure Active Directory (Azure AD) and requires a different setup in Create.
Step 1 - Step 3
Follow the same steps as described in Authentication using Azure AD. However, instead of installing the Azure AD Directory, you need to install the Azure AD B2C Directory.
Step 4
In the Azure AD B2C Directory, you need to create the user flow with custom policies (https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-overview). In the custom policies, it is important to include email (string) as a claim.
Step 5
Go to Login Configs -> Custom Auth Providers and click the plus button to add a new Auth provider. Set the following options:
Name: Give the auth provider an appropriate name. E.g. "Azure AD B2C".
Provider: Set this to Custom.
Client ID: Paste the Client ID you copied to your notepad.
Client Secret: Select the secret you created for the Client Secret.
Open ID Discovery Endpoint: Paste OpenID Connect metadata endpoint ID for your B2C tenant. This can be found in your B2C tenant at the Azure Portal, and looks like this: https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/b2c_1_sign_in/v2.0/.well-known/openid-configuration
Step 6
Go to Login Configs -> Login Config, and under Custom Auth add a new Auth Provider. Give it an appropriate name, and set the Provider to the Auth provider you created in Step 4.