Federated Authentication

Federated Authentication allows network administrators to use the already existing identity providers in order to authenticate users, instead of manually creating and managing the accounts in The Things Stack.

This is the reference for Federated Authentication.

It covers the available providers and how to configure them.

Who is it for?

Federated Authentication is targeted at network operators that would like to use external authentication services.

Typical use cases

  1. Managing user access in an external identity provider.
  2. Maintaining a unique identity registry, as opposed to having to manually manage users in The Things Stack.

How does it work?

Federated Authentication delegates the task of authenticating the user to an external Authentication Provider, allowing the user to present an identity token back to the Identity Server after the procedure is done. The Identity Server then checks the validity of the token with the Authentication Provider and if the token is deemed valid, allows the user to login in The Things Stack.

OpenID Connect

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows the Identity Server to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. Requirements A new OAuth 2.0 client must be created in the provider and the client ID and client secret must be noted down. While creating the OAuth2 client, you will be asked to provide a redirect URL, which should have the following format:
Read
← Overriding Templates OpenID Connect →