Platform Authenticator

How to Integrate the Beyond Identity Authenticator with a web application

Introduction

The Beyond Identity Authenticator is a native branded authenticator app which uses our core technology to authenticate users without a password. You can read up on our core technology here. The Authenticator is available on iOS, Android, Windows, macOS and Linux and can be downloaded from our download page.

This guide provides information on how to:

  • Implement Beyond Identity as a passwordless authentication method for a Customer Identity Access Management (CIAM) use case.
  • Integrate with Beyond Identity using the OIDC / OAuth 2.0 protocol.

You should continue with this guide if you want to implement passwordless authentication for a custom web application using Beyond Identity's platform authenticator. If you are looking to integrate a native iOS or Android app with the platform authenticator, please head over to the Android Authenticator SDK or the iOS Swift Authenticator SDK.

Prerequisites

  • Access to a Beyond Identity tenant
  • Access to a client library that implements the OpenID Connect standard in the implementer’s language of choice.

📘

Live Demo

Visit our Acme Pay demo to try out the experience for yourself.

Implementation Details

The Beyond Identity platform has two components.

  • A cloud-based system where our OIDC IDP, analytics, auditing and policy reside.
  • A client-based Platform Authenticator which could be:
    • Stand-alone: implemented by Beyond Identity and deployed by users to their own endpoints.
    • Embedded (SDKs): applications embed the Beyond Identity authentication flow into their web or native clients.

In both cases the authentication flow is implemented using the OpenID Connect protocol as specified in OpenID Connect Core 1.0.

Implementers of the authentication flow can use freely available open source OpenID Connect client libraries to initiate an authentication request against the Beyond Identity cloud-based OIDC IDP.

As an example, if you wanted to implement Beyond Identity with a Node.js web application, you can use the OpenID Connect middleware library openid-client. openid-client is a server-side OpenID Relying Party (RP, Client) implementation for the Node.js runtime that supports passport.

OIDC Endpoints and Protocol Information

📘

OIDC Configuration

All URLs used during the authentication sequence described in the next two sections can be found in the OpenID configuration.

Token Response:

{
  "access_token": "<ACCESS_TOKEN>",
  "token_type": "Bearer",
  "expires_in": <TOKEN_EXPIRE_TIME_SEC>
}
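
The checks a relying party makes around the endpoints and token response above, as an added example (not Beyond Identity's code and not the openid-client API). The issuer, hosts, client ID, redirect URI and all function names are constructed placeholders; a real integration reads the endpoints from the tenant's OpenID configuration.

```javascript
// Added example; hosts, client values and function names are constructed placeholders.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Constructed discovery document; a real one comes from the tenant's OpenID configuration.
const SAMPLE_CONFIG = {
  issuer: 'https://idp.example.test',
  authorization_endpoint: 'https://idp.example.test/authorize',
  token_endpoint: 'https://idp.example.test/token',
};

// Reject a discovery document with an unexpected issuer or a non-HTTPS endpoint.
function checkConfig(config, expectedIssuer) {
  if (config.issuer !== expectedIssuer) throw new Error('issuer mismatch');
  for (const key of ['authorization_endpoint', 'token_endpoint']) {
    if (new URL(config[key]).protocol !== 'https:') throw new Error(`${key} is not https`);
  }
  return config;
}

// Build the authorization code request; the caller stores `state` in the user's session.
function buildAuthRequest(config, { clientId, redirectUri }) {
  const state = Buffer.from(webcrypto.getRandomValues(new Uint8Array(32))).toString('base64url');
  const url = new URL(config.authorization_endpoint);
  url.search = new URLSearchParams({
    response_type: 'code', scope: 'openid', client_id: clientId, redirect_uri: redirectUri, state,
  }).toString();
  return { url: url.toString(), state };
}

// On the redirect back, accept the code only if `state` matches the stored value.
function checkCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization error: ${params.get('error')}`);
  if (params.get('state') !== expectedState) throw new Error('state mismatch');
  if (!params.get('code')) throw new Error('missing code');
  return params.get('code');
}

// Validate the token response fields shown above and compute the expiry time in ms.
function parseTokenResponse(body, now = Date.now()) {
  const t = JSON.parse(body);
  if (typeof t.access_token !== 'string' || !t.access_token) throw new Error('missing access_token');
  if (String(t.token_type).toLowerCase() !== 'bearer') throw new Error('unexpected token_type');
  if (!Number.isInteger(t.expires_in) || t.expires_in <= 0) throw new Error('invalid expires_in');
  return { accessToken: t.access_token, expiresAt: now + t.expires_in * 1000 };
}
```

An OpenID Connect client library performs equivalent checks internally; the functions here only make them visible.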

Enrol users

To register new users for use with the platform authenticator you will need to create a self-service sign-up flow or provision users manually either via the admin console or API.

We have provided some guidance on how we recommend creating a self-service sign-up flow with Beyond Identity's APIs. You can follow the User Sign-up flow guide or take a look at the Create User endpoint.

You can see an example self-service registration flow on the Live Demo Application we have provided.

