All Collections
Portal Pages
Design | Authentication | External
Design | Authentication | External

How to authenticate a user with an external identity

Jason Liang avatar
Written by Jason Liang
Updated over a week ago

brainCloud provides support for authenticating users via an external directory. This is done by implementing a custom script that acts as the integration glue between brainCloud and the external directory.

To get started, find external identities page on the brainCloud portal.


In order to create an external authentication identity, a non-client cloud code script must be created ahead of time, brainCloud will use it to access external service. And since the cloud code will call external service by using httpClientSeviceProxy(), so you need to configure your external web service first.

bridge.logInfoJson("Received the postmanexternal script start...", data);

var apiToken = data.authenticationToken;
var externalId = data.externalId;
// Create a proxy to the service
var httpProxy = bridge.getHttpClientServiceProxy();

//The correct path values will be determined by your API at the server side
var path = "userinfo/fff2e452-20c3-44c0-99da-95c5fb1d6f24";

var query = {};

//depended on your server-side how to involve authenticating the sender of a request and verifying that they have permission to access or manipulate the relevant data
var headers = {};
headers.ExternAPIToken = apiToken;

// make the web call, postmanmocker is defined at Web Services portal page
var result = httpProxy.getResponseJson("postmanmocker", path, query, headers);

bridge.logInfoJson("Received the postmanexternal script after getResponseJson...", result);

// Evaluate the result and return
var retval = false;
var bcstatus = result.status;
// retval = result;
if (bcstatus === 200)
bcdata =;
restStatus = bcdata.status;
if (restStatus == 200)
jsondata = bcdata.json;
//this is depended upon how your external server structures the response data for an authenticated user
userid = jsondata.userInfo.userID;
retval = (userid === externalId);
// retval = bcdata;

Note: The parameter names for script data input are “externalId” and “authenticationToken”. These parameters will be passed to the script by the client API authentication method. The script must return a boolean true or false to indicate success or failure.

  • Now, go back to External Identity page. Click the [ + ] at right top corner, enter a name for this new identity, from drop-down box select the external cloud code script that you just created, and click Save.

  • Test external authenticating on API Explore, make sure put right info as below and run it.

Did this answer your question?