fabric Identity provides a default user pool for all userapps created by a particular merchant. If the developers need to separate the userapp end users, new user pools can be created and associated with the respective userapps.
Before integrating a userapp with fabric Identity, determine the authentication scenario for the app by answering the following questions:
- Does this userapp need to share end users with other apps? If so, have the necessary user pools been created?
- Which flow will the userapp use?
  - Authorization Code Flow with PKCE: fabric recommends using this flow for all user applications unless there is no PKCE support available within a specific device or browser.
  - Authorization Code Flow: This is the classic Authorization Code Flow mentioned in the OpenID Connect specification. It should be used only if PKCE flow is not supported in the app environment. This flow requires a backend-for-frontend layer within the userapp that, in turn, integrates with fabric Identity.
- What is the userapp's domain name? This is required for fabric Identity to whitelist the application's redirect-url, which is required as part of the authentication flow.
Once these questions are answered, create a userapp to represent the actual app being built, and provide the user pool, authorization flow, and app domain details determined above. If you need new user pools, create them before creating the userapps. Before integrating with fabric Identity, ensure the following details are available for each userapp:
- client-id - A unique ID that represents the userapp, and is required for OpenID Connect authentication flows.
- client-secret - An app-specific secret that allows fabric Identity to validate the userapp. This is required only if the userapp will use the classic Authorization Code Flow defined in the OpenID Connect specification.
- Authorization Url - The fabric Identity HTTP endpoint that the userapp communicates with to get its access token.
Currently, fabric customers do not have a self-service capability for creating user pools and userapps. Contact fabric support for help in creating these.
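The request side of the recommended Authorization Code Flow with PKCE, as an added example that is not fabric's own code: it derives the S256 code challenge, builds the authorization request, and checks the callback against the whitelisted redirect-url and the stored state. It assumes fabric Identity accepts the standard OAuth 2.0 / RFC 7636 parameter names; the URLs, the client-id and the helper names are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders, not real fabric Identity values.
AUTHORIZATION_URL = "https://identity.example.invalid/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URL = "https://shop.example.invalid/callback"

def _b64url(raw):
    # base64url without padding, as RFC 7636 requires
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def code_challenge(verifier):
    # S256 method: BASE64URL(SHA256(ASCII(code_verifier)))
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def build_auth_request(authorization_url, client_id, redirect_uri, scope="openid"):
    """Return (url, state, verifier); keep state and verifier in the app session."""
    state = secrets.token_urlsafe(16)
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, the RFC 7636 minimum
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    })
    return f"{authorization_url}?{query}", state, verifier

def read_callback(callback_url, registered_redirect, expected_state):
    """Return the authorization code, or raise ValueError if the callback is not ours."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]
```

The verifier returned by `build_auth_request` is sent later as `code_verifier` when the code is exchanged for tokens, which is what lets this flow run without a client-secret.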