This repository has been archived by the owner on Apr 27, 2021. It is now read-only.

How It Works

John Parsons edited this page Apr 24, 2019 · 11 revisions

How does Fabric.Identity work?

Fabric.Identity follows the OpenID Connect protocol, and readers are encouraged to review additional OpenID Connect resources.

Main Fabric.Identity Components

The Fabric.Identity flow has 4 major components:

  • Client: Also known as 'client application', 'service provider', or 'relying party'. A client is an application that requests tokens from Fabric.Identity to authenticate a user or to control access to a resource such as an identity resource (e.g., a user's email address) or an API resource.

  • Fabric.Identity: A microservice designed to provide an authentication service as well as access control for other resources, such as other APIs or a user's identity resources.

  • API Resource: An API that is registered with Fabric.Identity, which controls access to the API from clients through the authentication process. An example of an API resource that Fabric.Identity controls access to is Fabric.Authorization.

  • External Identity Provider: An external identity provider is an external service that provides authentication for users. Fabric.Identity does not support local accounts, and only integrates with external identity providers. Examples of external identity providers are Active Directory, Azure Active Directory and Google Authentication.

Fabric.Identity Authentication Flow

  1. The user launches the client application.
  2. The client sends an authentication request to Fabric.Identity.
  3. Fabric.Identity requests and receives the user's credentials.
  4. Fabric.Identity handles user authentication with an external identity provider.
  5. Fabric.Identity either directly returns a JWT access token in the implicit flow, or it exchanges an authorization code and ID token with the client before returning an access token in the hybrid flow. The client can also request identity resources in this exchange. Identity resources are information about a particular user, such as their address, email, username, groups or roles.
  6. Once the client has an access token from Fabric.Identity, it can use the access token to access other API resources that are gated by Fabric.Identity.

For a more detailed discussion of the above concepts, refer to the IdentityServer4 documentation.
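The checks a client makes on the hybrid-flow response in step 5 before redeeming the authorization code, as an added example that follows OpenID Connect Core and is not Fabric.Identity's own code. The function names and any URLs or client ids passed in are constructed for illustration, and the ID token's signature, issuer, audience and expiry are assumed to have been verified already by a JWT library.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Hash chosen by the ID token's JOSE "alg" header (OpenID Connect Core 3.3.2.11).
_HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def build_auth_request(authorize_url, client_id, redirect_uri, scope):
    """Return (url, state, nonce) for a hybrid-flow authentication request."""
    state = secrets.token_urlsafe(16)  # binds the response to this browser session
    nonce = secrets.token_urlsafe(16)  # binds the ID token to this request
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code id_token",  # hybrid flow
        "scope": scope,
        "state": state,
        "nonce": nonce,
    })
    return f"{authorize_url}?{query}", state, nonce


def c_hash(code, alg="RS256"):
    """Left half of the hash of the code, base64url-encoded without padding."""
    if alg[-3:] not in _HASHES:
        raise ValueError(f"unsupported signing algorithm: {alg}")
    digest = _HASHES[alg[-3:]](code.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest[: len(digest) // 2]).rstrip(b"=").decode()


def check_hybrid_response(params, claims, alg, expected_state, expected_nonce):
    """Validate the front-channel response and return the code to redeem.

    `params` are the values returned to the redirect URI; `claims` come from
    an ID token that a JWT library has already verified (assumption).
    """
    if not hmac.compare_digest(params.get("state", ""), expected_state):
        raise ValueError("state mismatch: response does not belong to this session")
    if not hmac.compare_digest(claims.get("nonce", ""), expected_nonce):
        raise ValueError("nonce mismatch: ID token was not issued for this request")
    if not hmac.compare_digest(claims.get("c_hash", ""), c_hash(params["code"], alg)):
        raise ValueError("c_hash mismatch: code was not issued with this ID token")
    return params["code"]
```

A failed check means the response should be discarded rather than the code sent to the token endpoint.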

Video Resource

This is a short introduction video to Fabric.Identity:

Fabric Introduction
