Getting Started

fabric Identity provides a default user pool for all userapp(s) created in a particular tenant. If the developers need to separate the end users of their userapp(s), new user pools should be created and associated with the respective userapp(s).

Before integrating userapp with fabric Identity, determine the authentication scenario for the app by answering the following questions:

  • Does this userapp need to share the end users with other apps? If so are the necessary user pools already created?
  • Which authentication flow from the below options would be used by the userapp ?
    • Authorization Code Flow with PKCE: fabric recommends using this flow for all user applications, unless if there is no support available within a specific device or a browser.
    • Authorization Code Flow: This is the classic Authorization Code Flow mentioned in the OpenID Connect specification and should be used only if the PKCE flow is not supported in the app environment. This flow needs a backend-for-frontend layer within the userapp that inturn integrates with the fabric Identity.
  • Determine the domain name of the app. This is needed for fabric Identity to whitelist the redirect-url of the application required as part of the authentication flows.

Once the above questions are answered, proceed to create a userapp to represent the actual app being built and provide the user pool, auth type and app domain details. If new user pools are needed these should be created first before creating the userapp(s). Ensure the following details are available for each userapp before starting the integration with fabric Identity:

client-id - This is a unique ID that represents the userapp and is required for OpenID Connect authentication flows

client-secret - This is a app-specific secret that allows the fabric Identity to validate the client app. This is required only if the usrapp is planning to use the classic Authorization Code Flow defined in the OpenID Connect specification.

Authorization Url - This is the http end point of fabric Identity that the app needs to communicate with for getting its access token.

Currently fabric's customers do not have a self-service capability to create user pools and userapp(s) by themselves. Kindly request fabric support for help in creating the same.