Integration

We offer our tenants different ways to integrate with our identity provider.

OAuth Federation

Since we use standardized protocols like OAuth2 and OpenID Connect, we are able to integrate identity providers that support these protocols.

If you plan to integrate applications that require customer context, like customer-facing UIs, you need to provide a way to present a customer identifier through an endpoint like the OIDC user profile endpoint. Furthermore, a common logout endpoint (token invalidation) needs to be provided when UI logout functionality is required.

Users Webhooks

To fully support the Users service, which is used by other platform services and UIs, a federated provider has to support the following use cases:

  • Retrieve a user by ID (Get(id string) User)
  • Retrieve a user by email (Get(email string) User)
  • Retrieve a user by customer ID (Get(customerID string) User)
  • Delete a user (Delete(id string))
  • Mark a user's email address as verified (MarkEmailVerified(id string))
  • Send an email address verification email to a user (SendVerificationEmail(id string))
  • Send a password reset email to a user (SendPasswordResetEmail(email string))

The User model has to satisfy the following schema:

{
  "type": "object",
  "properties": {
    "tenant": {
      "type": "string",
      "description": "The user's tenant."
    },
    "id": {
      "type": "string",
      "title": "The identity provider's ID of the user",
      "required": true
    },
    "customer": {
      "type": "string",
      "description": "The customer's ID of the user in the tenant's scope.",
      "required": true
    },
    "email": {
      "type": "string",
      "description": "The email address of the user.",
      "required": true
    },
    "create_time": {
      "type": "string",
      "format": "date-time",
      "description": "The timestamp of creation."
    },
    "update_time": {
      "type": "string",
      "format": "date-time",
      "description": "The timestamp of last update."
    },
    "logins_count": {
      "type": "string",
      "format": "int64",
      "description": "The count of logins."
    },
    "login_time": {
      "type": "string",
      "format": "date-time",
      "description": "The timestamp of the last login."
    },
    "email_verified": {
      "type": "boolean",
      "description": "A flag indicating if the user email is verified."
    },
    "blocked": {
      "type": "boolean",
      "description": "A flag indicating if the user is blocked."
    }
  }
}

We use webhooks to implement the corresponding calls and retrieve or pass the information at the request level.
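
As an added example (not part of the platform's own code), this is one way a consumer of the webhook could check a returned User against the schema above before trusting fields such as email_verified or blocked. ParseUser and the sample payload are hypothetical, and rejecting a negative logins_count is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"time"
)

// User mirrors the schema above; logins_count is a string holding an int64.
type User struct {
	Tenant        string `json:"tenant"`
	ID            string `json:"id"`
	Customer      string `json:"customer"`
	Email         string `json:"email"`
	CreateTime    string `json:"create_time"`
	UpdateTime    string `json:"update_time"`
	LoginsCount   string `json:"logins_count"`
	LoginTime     string `json:"login_time"`
	EmailVerified bool   `json:"email_verified"`
	Blocked       bool   `json:"blocked"`
}

// ParseUser (hypothetical helper) decodes a webhook response and enforces the schema.
func ParseUser(body []byte) (User, error) {
	var u User
	// Wrong JSON types (e.g. "email_verified": "true") fail here instead of being coerced.
	if err := json.Unmarshal(body, &u); err != nil {
		return User{}, fmt.Errorf("decode user: %w", err)
	}
	if u.ID == "" || u.Customer == "" || u.Email == "" {
		return User{}, fmt.Errorf("id, customer and email are required")
	}
	for _, ts := range []string{u.CreateTime, u.UpdateTime, u.LoginTime} {
		if _, err := time.Parse(time.RFC3339, ts); ts != "" && err != nil {
			return User{}, fmt.Errorf("invalid date-time %q", ts)
		}
	}
	// Assumption: a login count is never negative.
	if n, err := strconv.ParseInt(u.LoginsCount, 10, 64); u.LoginsCount != "" && (err != nil || n < 0) {
		return User{}, fmt.Errorf("invalid logins_count %q", u.LoginsCount)
	}
	return u, nil
}

func main() {
	// Constructed sample response, not taken from a real provider.
	fmt.Println(ParseUser([]byte(`{"id":"idp|1","customer":"c-42","email":"a@example.com","logins_count":"3"}`)))
}
```

Optional fields are only checked when present, since the schema marks just id, customer and email as required.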