
Configure AxAuth IDP for End-User Applications


The AxAuth IDP is a managed ID Provider supported by the Mosaic User Service. AxAuth serves the special purpose of maintaining a standalone user store for an end-user application. If the end-user application intends to offer a user sign-up feature, in addition to enabling authentication from known IDPs, the developers can use AxAuth to deliver this functionality.

This article describes how to configure a User Store in AxAuth and connect it to the User Service.

Enabling required services

Configuring AxAuth IDP for end-user application user management requires the Mosaic environment to have both AxAuth and User services enabled.

Figure 1. Enabled Services in the Environment

Configuring an AxAuth User Store

After the AxAuth service has been enabled in the environment, the Service Configuration station of the environment shows the following tile related to the configuration of the AxAuth service.

Figure 2. AxAuth Service Configuration

Click on the User Stores tile. It will navigate you to the User Stores explorer station.

Figure 3. User Stores explorer

Click on the New button on the top right corner. That will navigate you to the New User Store station.

Figure 4. New User Store

Specify a name for the user store. Set the category to end-user, since we’re configuring this user store to be used with end-user applications, and then define the User Sign Up Webhook and the Forgot Password Webhook.

The User Sign Up Webhook handles the user sign-up flow, and should eventually call the completeUserSignUp mutation exposed by the User Service GraphQL endpoint.

The Forgot Password Webhook handles the password reset flow, and should eventually call the completeEndUserPasswordReset mutation as the final step.

After filling in the details, it should look similar to figure 5. Click on Proceed to save the configuration.

Figure 5. New User Store with basic configuration

After clicking on Proceed, you will be taken to the User Store Details station. It should display the settings you just configured.

Figure 6. User Store Details station

The next step is to create an OAuth client to be used in the User Service IDP Connection configuration. To do this, click on the OAuth Clients button in the side pane. This will take you to the OAuth Client explorer station. Click on the New button on the top right corner.

Figure 7. OAuth Clients Explorer station

Give a name to the new OAuth Client and define the Allowed Redirect URLs. Click on Proceed to save.

Figure 8. OAuth Client Details station

This station gives you one more option related to the OAuth Client you just created: whether to allow user sign-up. Since we’re configuring the OAuth Client for an end-user application and we need users to be able to sign up for our application themselves, we can leave this property checked.

There are two very important pieces of information in this station: the Client ID and the Client Secret of the OAuth Client. Both values are required when we configure the IDP Connection in the User Service, so copy them for later use.

If there is any requirement to create a new Client Secret, that can be done using the Re-Generate Client Secret option in the side pane.

Configuring the User Service

The AxAuth IDP is a supported managed IDP in the User Service, so we need to define the OAuth Client we just configured in the AxAuth User Store as an IDP Connection.

Navigate to the Service Configuration station in your environment, and click on the IDP Connections tile.

Figure 9. User service configuration options

You will be navigated to the IDP Connections Explorer station. Click on the New button on the top right corner.

Figure 10. IDP Connections Explorer

This will take you to the New IDP Connection station. Select AxAuth as the Provider and give an appropriate title for the connection. Then click Proceed.

Figure 11. IDP Connections Explorer

You will be taken to the IDP Connection Details station, where the default values for the AxAuth provider (Discovery Document URL and Scopes) are already filled in. Paste the Client ID and Client Secret you copied from the AxAuth User Store OAuth Client into the respective fields. Set the status to Enabled and save.

Figure 12. IDP Connection Details

The final step is to connect the IDP Connection created for AxAuth to the Application instance in the User Service.

We can do that by navigating to the Application Details station of the application the IDP Connection should be connected to and then clicking on the Manage IDP Connections button on the left pane.

Figure 13. IDP Connection Details

The Manage IDP Connections station lists the IDP Connections that are already connected to the application. Click on the + button to get the list of available IDP Connections and select AxAuth from it.

Figure 14. Manage IDP Connections

Figure 15. Select IDP Connection

After selection, the Manage IDP Connections station should look similar to the figure below.

Figure 16. Manage IDP Connections with AxAuth

The application is now configured to use the AxAuth IDP.