fabric Identity provides a default user pool for all userapp(s) created in a particular tenant. If the developers need to separate the end users of their userapp(s), new user pools should be created and associated with the respective userapp.

Before integrating a userapp with fabric Identity, determine the authentication scenario for the app by answering the following questions:
- Does the userapp need to share the end users with other apps? If so, are the necessary user pools already created?
- Which authentication flow from the below options would be used by the userapp?
  - Authorization Code Flow with PKCE: fabric recommends using this flow for all user applications, unless a specific device or browser does not support it.
  - Authorization Code Flow: This is the classic Authorization Code Flow mentioned in the OpenID Connect specification and should be used only if the PKCE flow is not supported in the app environment. This flow needs a layer within the userapp that in turn integrates with fabric Identity.
- Determine the domain name of the app. This is needed for fabric Identity to whitelist the redirect-url of the application required as part of the authentication flows.

Once the above questions are answered, proceed to create a userapp to represent the actual app being built and provide the user pool, auth type and app domain details. If new user pools are needed, these should be created first, before creating the userapp(s). Ensure the following details are available for each userapp before starting the integration with fabric Identity:
- client-id - This is a unique ID that represents the userapp and is required for OpenID Connect authentication flows.
- client-secret - This is an app-specific secret that allows fabric Identity to validate the client app. This is required only if the userapp is planning to use the classic Authorization Code Flow defined in the OpenID Connect specification.
- Authorization Url - This is the HTTP endpoint of fabric Identity that the app needs to communicate with for getting its access token.
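
The Authorization Code Flow with PKCE recommended above, sketched as an added example (not fabric's own code): it uses only the standard OAuth 2.0 / RFC 7636 parameter names, and the endpoint, client-id and redirect-url values are constructed placeholders. It assumes the Authorization Url is the endpoint the browser is sent to at login.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Constructed placeholder values; the real ones are issued when the userapp is created.
AUTHORIZATION_URL = "https://identity.example.invalid/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URL = "https://app.example.invalid/callback"


def code_challenge_s256(code_verifier: str) -> str:
    """RFC 7636: BASE64URL(SHA256(verifier)) with the '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_login(authorization_url: str, client_id: str, redirect_url: str):
    """Return (url, code_verifier, state); keep the last two in the user's session."""
    code_verifier = secrets.token_urlsafe(64)  # 86 chars, within the 43-128 limit
    state = secrets.token_urlsafe(16)          # binds the callback to this login
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_url,  # must match the registered redirect-url
        "scope": "openid",
        "state": state,
        "code_challenge": code_challenge_s256(code_verifier),
        "code_challenge_method": "S256",
    })
    return f"{authorization_url}?{query}", code_verifier, state


def token_request(callback: dict, expected_state: str, code_verifier: str,
                  client_id: str, redirect_url: str) -> dict:
    """Check the callback, then build the form body that redeems the code."""
    got_state = callback.get("state", "").encode("utf-8")
    if not hmac.compare_digest(got_state, expected_state.encode("utf-8")):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "code" not in callback:
        raise ValueError("no authorization code: " + callback.get("error", "unknown"))
    return {
        "grant_type": "authorization_code",
        "code": callback["code"],
        "redirect_uri": redirect_url,
        "client_id": client_id,
        "code_verifier": code_verifier,  # proves possession; no client-secret sent
    }
```
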

Currently, fabric's customers do not have a self-service capability to create user pools and userapp(s) by themselves. Kindly request fabric support for help in creating the same.