Custom Authenticators

The Curity Identity Server supports many built-in authentication methods, called authenticators. All authentication-related capabilities are part of the authentication profile, so get familiar with the configuration of the Authentication Profile when developing custom authenticators.

In this section, we describe, from a developer’s point of view, how to integrate with the authentication profile and write custom authenticators.

Endpoints

Authentication commonly involves user interaction. Consequently, authenticators typically provide user interfaces and request handlers. An authentication profile can expose endpoints for authenticators for the following purposes:

  • Authentication: Endpoints that are used to identify and authenticate an end-user.
  • Registration: Endpoints where an end-user can, among other things, create a new account, provision a device or reset their password.
  • Anonymous: Endpoints that do not require authentication, such as informational pages. Anonymous endpoints can also serve for out-of-band mapping.

You can find more information about the endpoints in the documentation of the authentication profile.

Registration

Registration is an optional feature for authenticators. It allows for registering users or devices. The following conditions need to be true for registration to work:

  • The authentication profile has a registration endpoint configured.
  • The authenticator (the authenticator plugin) supports registration, that is, it has request handlers for registration. One of them needs to map to create.
  • The corresponding account manager has registration enabled.

User Interfaces

An authenticator can use multiple forms to interact with users as part of its flows. For that, it needs:

  • Request Handlers for the GET and POST endpoints of the forms.
  • Request Models to represent the data from the forms.
  • HAAPI Representations to represent forms for API-driven logins.
  • Templates (.vm files) for rendering the forms.

Unless the application uses the Hypermedia Authentication API, the server renders user interfaces and guides the user through the flow. In that case, you can override existing templates to customize the user experience. Refer to front-end development for more information on that topic.

Getting Started

Curity provides a tutorial for getting started with authenticator plugins. Check out Getting Started with Authentication Plugins for guidance.

In addition, study existing authenticator documentation and source code, where available, to learn how authenticators work. For example, have a look at the HTML-form authenticator and Curity’s GitHub repository.

Also, get familiar with front-end development for customizing the user experience.

Custom Authenticator APIs

Most authenticators require little or no interaction from an application’s point of view. Some authenticators may publish APIs that applications can interact with directly. For example, the Encap authenticator supports an optional flow where an application can register the device it is running on without user interaction. Check out the non-interactive flow for Encap for the details.
