Authentication and User Management Service

The Agglestone Authentication and User Management Service is a comprehensive, standards-based authentication platform built on OAuth2 and OpenID Connect. It provides everything you need to secure your applications and manage your users, with complete tenant isolation and flexible integration options.

Quick Overview

The service offers:

• OAuth2 and OpenID Connect authentication flows with PKCE support
• Multi-Factor Authentication (MFA) using TOTP
• User and Group Management through REST APIs
• Backend-for-Frontend (BFF) pattern support for enhanced security
• Customizable UI for login, password reset, and MFA pages
• Configurable Security Policies including password requirements, attempt limits, and token expiration
• Multi-tenant Architecture with complete tenant isolation

Documentation

Getting Started

• Overview – Introduction to the service, its capabilities, and who it’s for
• Quick Start Guide – Get OAuth2 and OpenID Connect authentication working in minutes

Feature Documentation

• Authentication Features – Comprehensive guide to all authentication capabilities including OAuth2/OpenID Connect flows, MFA, password management, security controls, and token management
• User and Group Features – User management capabilities, group organization, and access control features
• Backend-for-Frontend Pattern – Secure authentication pattern where tokens never reach the browser, with API proxying requirements

Integration Guides

• Integration Guides Index – Complete guide to all integration documentation
• Login and Logout – Understanding the OAuth2 authorization code flow with PKCE
• Validating JWTs in Your Backend – Step-by-step guides for validating JWTs in various backend frameworks
• Password Management – Forgot password, password reset, and password requirements
• Multi-Factor Authentication (MFA) – Setting up and managing TOTP-based MFA
• Users and Groups Management – REST API guide for user and group operations
• Using API Keys – Server-to-server authentication with API keys
• OpenID Connect Discovery – Using the discovery endpoint for automatic configuration
• Backend-for-Frontend Implementation – Step-by-step implementation guides for BFF authentication

Standards and Protocols

The service is built on industry standards:

• OAuth2 (RFC 6749) – Authorization framework
• OpenID Connect – Identity layer on top of OAuth2
• PKCE (RFC 7636) – Enhanced security for public clients
• JWTs (RFC 7519) – Secure, verifiable tokens
• TOTP (RFC 6238) – Time-based one-time passwords for MFA

Common Integration Paths

Frontend Applications

1. Start with the Quick Start Guide
2. Review Login and Logout for the authentication flow
3. Explore Authentication Features for available capabilities
4. Consider Backend-for-Frontend Pattern for enhanced security

Backend Services

1. Read Validating JWTs in Your Backend to verify tokens
2. Review Users and Groups Management for user management APIs
3. Check Using API Keys for server-to-server authentication
4. Consider Backend-for-Frontend Implementation for maximum security when tokens should never be readable by the browser

Full-Stack Applications

1. Follow the Quick Start Guide for complete authentication flow
2. Review Authentication Features and User and Group Features
3. Implement Validating JWTs in Your Backend to secure your APIs
4. Use Users and Groups Management for user administration
5. For enhanced security, consider Backend-for-Frontend Implementation to keep tokens secure

Resources

• API Documentation: Interactive Swagger UI at https://auth.agglestone.com/swagger
• Portal: Manage your tenant settings at https://portal.agglestone.com
• Service Base URL: https://auth.agglestone.com/

—

Ready to get started? Begin with the Overview or jump straight to the Quick Start Guide!