We launched new developer portal. For the latest documentation visit developer.cloudentity.com
Home > Features > Extensions

Extending Cloudentity

When purchasing platform subscriptions, developers get a set of generic tools common for all organizations. What if your usecase is more advanced and need-specific? Learn how Cloudentity enables developers to extend its platform capabilities to solve company-specific, complex challenges.

Tailor Cloudentity to Satisfy Specific Business Requirements

ACP delivers an advanced authorization platform that satisfies most of the authorization workflows and usage out of the box. In case an organization has specific workflows and it needs to tailor some of them to enable the ACP platform to communicate with external services, we have a solution for you! ACP provides highly customizable extension hooks in various parts of the platform to customize the product to your needs.

If your organization needs to:

  • Enhance the authentication context after user authentication to decorate it with more business data relevant to the user stored in other services/systems within the infrastructure like entitlements services, permission services, subscription services, and more.

  • Dynamically display selected identity providers to users based on varying criteria including request parameters, user attributes , user permissions , user partner mapping, and more.

  • Inject more OIDC claims or custom claims irrespective of the identity provider claims and authentication flow by fetching the claims' values from external systems or translating existing attributes within the already existing context.

Search no more, we have tools to help you!

Cloudentity Extension Hooks

ACP enables developers to extend platform capabilities by integrating with various external products and other components using ACP Extensions. ACP extensions are written in JavaScript(JS). JavaScript is one of the world’s most popular programming language. JavaScript ecosystem has many libraries and frameworks with established programming practices, and substantial usage of JavaScript outside of web browsers. This allows developers to easily code up extensions very quickly and with very less learning curve. Once an extension’s JavaScript function is authored within ACP, at runtime, the function is securely executed in a separate execution context and the function response is provided back to ACP thereby increasing the security.

ACP provides an advanced built in extension development builder that allows extension developers to create, test, and debug extension scripts. This builder also has a selection of JavaScript libraries to be utilizied, as well as it has an auto complete features to aid developers and speed up the extension creation process. The development builder also offers a good set of sample extension scripts to choose from to see extension patterns.

Extension Points and Sample Use Cases

Currently, ACP enables developers to extend the platform at three different extension points:

  1. Before user authentication extension point

    Extensions added at the user authentication extension point modify the login flow for the users. With such Extensions, With such extensions, authentication providers for users can be dynamically configured based on varying conditions. With Extensions, you can, for example:

    • Display selected identity sources based on a specific domain

    • Display selected identity sources that are connected to a specific client application

    • Display selected identity sources based on the incoming IP address

    • Display selected identity sources based on the provider user name

  2. Post user authentication with an identity source

    Extensions that placed post user authentication are used to enhance the authentication context after the user got authenticated. You may want to use this extension point to:

    • Fetch data (such as user permissions) from an external system

    • Overwrite static attributes in the authentication context, for example, to dynamically set authentication methods reference (AMR) and authentication context class references (ACR) claims for Open Banking.

    • Enhance authentication context to leverage risk analytics data from a risk plaform/engine

    • Enhance authentication context with fine grained permissions for the user that resides in an external service

    • Enhance context with business domain data like subscription, licensing, and more by interacting with business systems

    • Enhance authentication context with static attributes

    • Transform claims from an ID token that comes from an identity source

  3. Before security tokens are minted

    With Extensions added before token minting, developers can enrich claims within various security tokens (access tokens, ID tokens, or refresh tokens) issued by ACP.

    • Pull data (such as user permissions) from an external system

    • Overwrite static attributes

    • Populate tokens with risk analytics data coming from external services

    • Populate tokens with fine grained permissions for the user that resides in an external service

    • Populate tokens with business information about the user to enrich claims with information on, for example, subscription or licensing.

Extensions Builder

To enable developers to extend the platform, ACP allows to use a vast number of different JavaScript-based libraries as dependencies to the Extension scripts. Such libraries include, for example:

  • axios dependency for making, for example, XMLHttpRequests from the browser

  • lodash dependency that makes it easier to work with numbers, arrays, strings, objects, and more

  • express dependency for routing and using, for example, HTTP helpers

  • and much more.

To learn what libraries are available and what is their version, navigate to the Extensions development environment within the workspace of your choice (Extensions > Scripts).

Adding New Dependencies

If you are working on extending ACP and you need a specific library which is not available in the Dependencies list, contact ACP Sales Team and we will see what we can do to help you!