- Does this user app need to share end users with other apps? If so, have the necessary user pools been created?
- Which flow will the user app use?
  - Authorization Code Flow with PKCE: fabric recommends using this flow for all user applications unless there is no PKCE support available within a specific device or browser.
  - Authorization Code Flow: This is the classic Authorization Code Flow mentioned in the OpenID Connect specification. It should be used only if PKCE flow isn’t supported in the app environment. This flow requires a backend-for-frontend layer within the user app that, in turn, integrates with fabric Identity.
- What’s the user app’s domain name? This is required for fabric Identity to whitelist the application’s `redirect-url`, which is required as part of the authentication flow.

- `client-id`: A unique ID that represents the user app, and is required for OpenID Connect authentication flows.
- `client-secret`: An app-specific secret that allows fabric Identity to validate the user app. This is required only if the user app will use the classic Authorization Code Flow defined in the OpenID Connect specification.
- Authorization Url: The fabric Identity HTTP endpoint that the user app communicates with to get its access token.

Currently, fabric customers don’t have self-service capability to create user pools and user apps by themselves. Contact fabric support for help in creating these.