Skip to main content
All CollectionsPortal-X Pages
Design | Authentication | External
Design | Authentication | External

Allows the app to use external directories for authentication.

Jason Liang avatar
Written by Jason Liang
Updated over 8 months ago

brainCloud provides support for authenticating users via an external directory. This is done by implementing a custom script that acts as the integration glue between brainCloud and the external directory.

To get started, find the external identities page on the brainCloud portal.

Implementation

In order to create an external authentication identity, a non-client cloud code script must be created ahead of time, brainCloud will use it to access your external service via HTTP request. And since the cloud code will call external service by using httpClientSeviceProxy(), so you need to configure your external web service first.

  • Go to Design | Cloud Code | Web Services page, click [+New Service], add your external Base URL, and give a name for this.

  • Go to Design | Cloud Code | Scripts page, and click [+] to create a new script.

"use strict";

function main() {

bridge.logDebugJson("postmanapikey inputs", data);

// Grab the input parameters
bridge.logInfoJson("Received the postmanapikey script start...", data);

var apiToken = data.authenticationToken;
var externalId = data.externalId;

// Create a proxy to the service
var httpProxy = bridge.getHttpClientServiceProxy();

//The correct path values will be determined by your API at the server side
var path = "me";

// Create an empty query object
var query = {};
// Setup the header, depended on your server-side how to involve authenticating the sender of a request and verifying that they have permission to access or manipulate the relevant data
var headers = {"x-api-key":apiToken};

// make the web call, postmanapi is defined at Web Services tab
var result = httpProxy.getResponseJson("postmanapi", path, query, headers);

bridge.logInfoJson("Received the postmanapikey script after getResponseJson...", result);

// Evaluate the result and return
var retval = false;
var bcstatus = result.status;
// retval = result;
if (bcstatus === 200)
{
var bcdata = result.data;
var restStatus = bcdata.statusCode;
if (restStatus == 200)
{
var jsondata = bcdata.json;

//this is depended upon how your external server structures the response data for an authenticated use
var userid = jsondata.user.id;
retval = (userid == externalId);
// retval = bcdata;
}
}
return retval;
}

main();

Note: The parameter names for script data input are “externalId” and “authenticationToken”. These parameters will be passed to the script by the client API authentication method. The script must return a boolean true or false to indicate success or failure.

  • Now, go back to the External Identity page. Click the [ + ] at the right top corner, enter a name for this new identity, from the drop-down box select the external cloud code script that you just created, and click Save.

  • Test external authenticating on API Explore, make sure to put the right info as below and run it.

  • If you have done this correctly, you should find a new user is authenticated and you can check this user's credentials from the User | Summary | User Summary page

Did this answer your question?