Implement third-party authentication
Last updated
Was this helpful?
Last updated
Was this helpful?
This guide will describe how to set up user authentication using the third-party authentication service provider Auth0. Be aware that this only shows how to connect Appfarm to Auth0, and you need to set up an authentication provider from Auth0 yourselves.
Go to and create an account. Sign into Auth0.
Go to Applications -> Applications and click the Create Application button. Give the application an appropriate name, select the option "Regular Web Applications" and click Create.
When the application is created, make sure to copy the value of Domain, Client ID, and Client Secret to your notepad, as we will need these later. Scroll down to Allowed Callback URLs and type in .
Click Save Changes.
In Appfarm Create, go to Secrets and add a new secret. Give it a name, and paste the Client Secret you copied to your notepad into the Value input field. The Secret Type should be String.
Go to Login Configs -> Custom Auth Providers and click the plus button to add a new Auth provider. Set the following options:
Name: Give the auth provider an appropriate name. E.g. "Auth0".
Provider: Set this to Auth0.
Client ID: Paste the Client ID you copied to your notepad.
Client Secret: Select the secret you created for the Client Secret.
Tenant ID: Paste the Domain you copied to your notepad.
Go to Login Configs -> Login Config, and under Custom Auth add a new Auth Provider. Give it an appropriate name, and set the Provider to the Auth provider you created on Step 4.
Google login should be enabled by default, so you might test the authentication using your Google account.
This guide will describe how to set up user authentication using the third-party authentication service provider Criipto. Authentication with BankID will be used as an example, but a similar setup might be used to set authentication with the other authentication services Criipto offers. Please note that Criipto is totally independent of Appfarm, and has its own pricing for its services.
Inside Criipto Verify, go to Applications and create a new application. Fill in/select the following options:
Name: Give the application an appropriate name
Select e-IDs: Select the provider you want, e.g. "NO BankID"
OpenID Connect: Enable OAuth2 Code Flow, and set User info response strategy to plainJson
Make sure to copy the value of Client ID/Realm and Available on domain to your notepad, as we will need these later.
Click the Save-button. A dialog box will pop up with your client secret. Make sure to copy the secret to your clipboard, as this value only will be available once (it can only be re-generated). You should also
In Appfarm Create, go to Secrets and add a new secret. Give it a name, and paste the Client Secret into the Value input field. The Secret Type should be String.
Go to Login Configs -> Custom Auth Providers and click the plus button to add a new Auth provider. Set the following options:
Name: Give the auth provider an appropriate name. E.g. "Criipto BankID".
Provider: Set this to Custom.
Client ID: Paste the Client ID/Realm you copied to your notepad.
Client Secret: Select the secret you created for the Client Secret.
Domain name (yourdomain.criipto.id), which points to your Criipto application. It should be the Available on domain link you copied to your notepad
Go to Login Configs -> Login Config, and under Custom Auth add a new Auth Provider. Give it an appropriate name, and set the Provider to the Auth provider you created on Step 4.
Follow these steps to configure user authentication with Microsoft Entra ID (Azure AD).
Register an application.
Go to Microsoft Entra ID.
Click Add -> App registration.
In the Name field, enter a display name, for example appfarm-auth.
Under Redirect URI, select Web and enter the URI https://accounts.appfarm.io/v1/callback.
Click Register.
Generate and record credentials.
Go to Certificates & secrets.
Click New client secret.
Enter the required details and click Add.
Note down the generated client secret Value. This secret is required later in this process.
Go to Overview.
Note down the Application (client) ID and Directory (tenant) ID values.
So that Appfarm has enough information to create the user’s account, you must configure Microsoft Entra ID to provide at least one optional claim – the user's email address. You may also wish to add more.
Go to Token configuration.
Click Add optional claim.
Under Token type, select ID.
Click Add.
A dialog will appear. Select Turn on the Microsoft Graph email, profile permission, and click Add.
Click Create Secret.
In the Name field, enter a name for the client secret, for example Microsoft Entra ID Client Secret.
In the Value field, enter the client secret you noted down in Step 3.
Click Create.
Go to Login -> Custom Auth Providers.
Click the + button to add a new provider.
In the Name field, enter a name for the auth provider, for example Microsoft Entra ID.
In the Provider field, select Microsoft Entra ID (Azure AD).
In the Client ID field, enter the Application (client) ID you noted down in Step 3.
In the Client Secret field, select the secret you created in Step 5.
In the Tenant ID field, enter the Directory (tenant) ID you noted down in Step 3.
The above configuration will allow users with an existing Appfarm user to log in using Microsoft Entra ID. If you also want new users without an existing Appfarm user to be able to log in, you need to configure that under Appfarm Account Options.
Select the Auto Create Account checkbox.
Go to Login -> Login Config.
Select a login configuration to add the custom auth provider.
Under Custom Auth, click the + button to add a new provider.
In the Name field, enter a name for the auth provider, for example Microsoft Entra ID.
In the Provider field, select the provider you created in Step 6.
Azure AD B2C is a separate service from Microsoft Entra ID (Azure AD) and requires a different setup in Appfarm Create.
Go to Login Configs -> Custom Auth Providers and click the plus button to add a new Auth provider. Set the following options:
Name: Give the auth provider an appropriate name. E.g. "Azure AD B2C".
Provider: Set this to Custom.
Client ID: Paste the Client ID you copied to your notepad.
Client Secret: Select the secret you created for the Client Secret.
Go to Login Configs -> Login Config, and under Custom Auth add a new Auth Provider. Give it an appropriate name, and set the Provider to the Auth provider you created in Step 4.
Go to and create an account. Sign into Criipto Verify.
Callback URLs: Type
OpenID Discovery Endpoint: Paste the .well-known link of the connection you want. The syntax looks like this: . The link has two variables:
acr_values (BASE64(acr_values)), which defines which login you'd like to setup. It should be a BASE64 encoded string based on the acr_values . For BankID, the string is dXJuOmdybjphdXRobjpubzpiYW5raWQ=.
To test the login, you can create a test user by following
Sign in to the Microsoft Azure using an account with administrator permission.
In the list that appears, select email. This claim is required for the authentication to function. We also recommended adding family_name and given_name to complete the .
Now, you can start configuring the authentication in Appfarm Create. First, add the client secret as a .
In , go to Secrets.
Add a new .
In the Initial Roles list, select the the user should be assigned on creation.
Add the custom auth provider to your configuration.
Users should now be able to log in to the using their Microsoft Entra ID credentials.
Follow the same steps as described in However, instead of using the Microsoft Entra ID service, you need to use Azure AD B2C.
In the Azure AD B2C Directory, you need to create the user flow with . In the custom policies, it is important to include email (string) as a claim.
Open ID Discovery Endpoint: Paste OpenID Connect metadata endpoint ID for your B2C tenant. This can be found in your B2C tenant at the Azure Portal, and looks like this:
