Extending Cloudentity Capabilities
When purchasing platform subscriptions, developers get a set of generic tools common to all organizations. What if your use case is more advanced and need-specific? Learn how Cloudentity enables developers to extend its platform capabilities to solve company-specific, complex challenges.
Tailor Cloudentity to Satisfy Specific Business Requirements
Cloudentity delivers an advanced authorization platform that covers most authorization workflows out of the box. If your organization has specific workflows and needs to tailor some of them so that the Cloudentity platform can communicate with external services, we have a solution for you! Cloudentity provides highly customizable extension hooks in various parts of the platform so you can adapt the product to your needs.
If your organization needs to:
Enhance the authentication context after user authentication with business data about the user that is stored in other services or systems within the infrastructure, such as entitlements services, permission services, subscription services, and more.
Dynamically display selected identity providers to users based on varying criteria including request parameters, user attributes, user permissions, user partner mapping, and more.
Inject more OIDC claims or custom claims irrespective of the identity provider claims and authentication flow by fetching the claims' values from external systems or translating existing attributes within the already existing context.
Search no more: we have tools to help you!
Cloudentity Extension Hooks
Cloudentity enables developers to extend platform capabilities by integrating with various external products and other components using Cloudentity Extensions. Cloudentity extensions are written in JavaScript (JS). JavaScript is one of the world's most popular programming languages. Its ecosystem has many libraries and frameworks with established programming practices, and it is widely used outside of web browsers. This allows developers to code extensions quickly and with a small learning curve. Once an extension's JavaScript function is authored within Cloudentity, the function is executed at runtime in a separate execution context and only its response is passed back to Cloudentity, which increases security.
Cloudentity provides an advanced built-in extension development builder that allows extension developers to create, test, and debug extension scripts. The builder offers a selection of JavaScript libraries to use, as well as autocomplete features that aid developers and speed up extension creation. It also offers a good set of sample extension scripts that illustrate common extension patterns.
Extension Points and Sample Use Cases
Currently, Cloudentity enables developers to extend the platform at three different extension points:
Before user authentication extension point
Extensions added at this extension point modify the login flow for users. With such extensions, authentication providers for users can be dynamically configured based on varying conditions. You can, for example:
Display selected identity sources based on a specific domain
Display selected identity sources that are connected to a specific client application
Display selected identity sources based on the incoming IP address
Display selected identity sources based on the provider user name
Post user authentication with an identity source
Extensions placed after user authentication are used to enhance the authentication context once the user has been authenticated. You may want to use this extension point to:
Fetch data (such as user permissions) from an external system
Overwrite static attributes in the authentication context, for example, to dynamically set authentication methods reference (AMR) and authentication context class references (ACR) claims for Open Banking
Enhance authentication context to leverage risk analytics data from a risk platform/engine
Enhance authentication context with fine grained permissions for the user that resides in an external service
Enhance context with business domain data like subscription, licensing, and more by interacting with business systems
Enhance authentication context with static attributes
Transform claims from an ID token that comes from an identity source
Before security tokens are minted
With Extensions added before token minting, developers can enrich claims within various security tokens (access tokens, ID tokens, or refresh tokens) issued by Cloudentity. For example, you can:
Pull data (such as user permissions) from an external system
Overwrite static attributes
Populate tokens with risk analytics data coming from external services
Populate tokens with fine grained permissions for the user that resides in an external service
Populate tokens with business information about the user to enrich claims with information on, for example, subscription or licensing.
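An added example, not Cloudentity's extension API or code from this page: one way a script running before token minting could merge data from an external service into token claims while refusing registered JWT claims and anything that fails validation. The function name, claim names, validators and sample data are assumptions constructed for illustration.

```javascript
// Added example. Not Cloudentity's extension API: every name here is hypothetical.
// Registered JWT claims that an external system must never be able to overwrite.
const RESERVED = new Set(["iss", "sub", "aud", "exp", "nbf", "iat", "jti"]);

// Allowlist of claims the script may add, each with a validator (assumed names).
// A Map is used so keys such as "constructor" or "__proto__" never match.
const ALLOWED = new Map([
  ["permissions", (v) => Array.isArray(v) && v.length <= 50 &&
    v.every((p) => typeof p === "string" && /^[a-z_]+:[a-z_]+$/.test(p))],
  ["subscription_tier", (v) => ["free", "pro", "enterprise"].includes(v)],
  ["risk_score", (v) => Number.isInteger(v) && v >= 0 && v <= 100],
]);

// Merge external data into a copy of the token claims; report what was dropped.
function enrichClaims(baseClaims, external) {
  const claims = { ...baseClaims };
  const rejected = [];
  const isObject = external !== null && typeof external === "object" &&
    !Array.isArray(external);
  for (const [name, value] of Object.entries(isObject ? external : {})) {
    const validate = ALLOWED.get(name);
    if (RESERVED.has(name) || !validate || !validate(value)) {
      rejected.push(name); // log this in a real script; never copy it through
      continue;
    }
    claims[name] = value;
  }
  return { claims, rejected };
}

// Constructed sample: claims about to be minted and an external service reply.
const base = { iss: "https://issuer.example", sub: "user-123", aud: "app-1" };
const reply = {
  permissions: ["accounts:read", "payments:create"],
  subscription_tier: "pro",
  sub: "admin",          // attempt to replace the subject: rejected
  risk_score: "high",    // wrong type: rejected
  debug: true,           // not on the allowlist: rejected
};
const result = enrichClaims(base, reply);
console.log(result.claims, result.rejected);
```

Treating the external reply as untrusted input keeps a compromised or misconfigured backend from changing the token's subject, issuer or audience.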
Extensions Builder
Cloudentity Extension Builder enables developers to write, test, and debug Extension Scripts with an IDE-like experience. To learn how to work with the Extension Builder and get familiar with its capabilities, see Create Extension Scripts.
To enable developers to extend the platform, Cloudentity allows a vast number of different JavaScript-based libraries to be used as dependencies of Extension scripts. Such libraries include, for example:
To learn which libraries are available and in which versions, navigate to the Extensions development environment within the workspace of your choice (Extensions > Scripts).
Adding New Dependencies
If you are working on extending Cloudentity and you need a specific library that is not available in the Dependencies list, contact the Cloudentity Sales Team and we will see what we can do to help you!