IBM Cloud Docs

About App ID

Isn't it awesome when the barista at your local coffee shop remembers your name and usual order? When you're building an application, you might want to include that kind of tailored experience to make your users feel special or save them time. But no matter how tailored your experience, the success of your app depends on your ability to build trust with your users, which comes down to securing their data and protecting the systems that your app accesses. Knowing who is using your app is a key part of that, and it starts with adding sign-in functionality. But, as a lot of developers know, adding authentication and authorization to your app is both risky and complex. With IBM Cloud® App ID you can easily add authentication to your applications and host user data in the cloud that can be used to tailor your user experiences.

With App ID configured for your application, your users can sign in directly from your app by using an email and password. Or you can allow the use of social media accounts so that they can use credentials that they are already familiar with. After your users authenticate, you can authorize access to the backend resources that your app uses to tailor their experience. In App ID, you can store information about your users and let your developers use this information as they build their apps.

Reasons to use the service

App ID helps developers to easily add authentication to their web and mobile apps with a few lines of code, and to secure their cloud-native applications and services on IBM Cloud. By requiring users to sign in to your app, you can store user data such as app preferences, or information from public social profiles, and then use that data to customize each user's experience within the app. App ID provides a log-in framework for you, but you can also bring your own branded screens to use with Cloud Directory.

Reasons to use the App ID service

Scenario: You need to add authorization and authentication to your mobile and web apps but don't have a background in security.
Solution: App ID makes it easy to add an authentication step to your apps. You can add email or user name, social, or enterprise sign-in to your apps with APIs, SDKs, prebuilt UIs, or your own branded UIs.

Scenario: You want to limit access to your apps and back-end resources.
Solution: You can secure your apps, back-end resources, and APIs easily by using the standards-based authentication provided by App ID.

Scenario: You want to build personalized app experiences for your users.
Solution: With App ID, you can store user data such as app preferences or information from their public social profiles, and then use that data to customize each experience of your app.

Scenario: You want to manage users in a scalable way.
Solution: With App ID, you can create a Cloud Directory, which makes it possible for you to add user sign-up and sign-in to your apps. Cloud Directory provides you with the framework to maintain a user registry that can scale with your user base. With the pre-built functionality for self-service, such as email verification and password resets, you can be sure that your app is authenticating users securely.

How it works

With App ID, you can add a level of security to your apps by requiring users to sign in. You can also use the server SDK or APIs to protect your back-end resources.

Figure: App ID architecture diagram (How App ID works)

Application
Server SDK: You can protect your back-end resources that are hosted on IBM Cloud and your web apps by using the server SDK. It extracts the access token from a request and validates it with App ID.
Client SDK: You can protect your mobile apps with the Android or iOS client SDK. The client SDK communicates with your cloud resources to start the authentication process when it detects an authorization challenge.

IBM Cloud
App ID: After successful authentication, App ID returns access and identity tokens to your app.
Cloud Directory: Users can sign up for your service with their email and a password. You can then manage your users in a list view through the console. With Cloud Directory, App ID functions as your identity provider.

External (third party)
Social and enterprise identity providers: App ID supports Facebook, Google+, and SAML 2.0 Federation as identity provider options. The service arranges a redirect to the identity provider and verifies the returned authentication tokens. If the tokens are valid, the service grants access to your app.
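
An added illustration, not IBM's SDK code, of the checks that validating a bearer access token involves under the JWT and JWS specifications this page lists: the algorithm is pinned, the signature is verified before any claim is read, and issuer, audience and expiry are enforced. The issuer, audience, secret and function names are assumptions made up for this sketch, and HS256 with a shared secret stands in for the provider's signing scheme so that it runs on the standard library alone.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this sketch; none of them come from App ID.
SECRET = b"constructed-demo-secret"
ISSUER = "https://issuer.example.test"
AUDIENCE = "client-id-placeholder"

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, alg="HS256", key=SECRET):
    """Build a constructed sample token; stands in for the identity provider."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url_encode(sign(signing_input, key))}"

def validate_request(headers, now=None):
    """Return the token's claims, or raise ValueError naming the failed check."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        raise ValueError("missing or malformed bearer token")
    head, body, sig = token.split(".")
    header = json.loads(b64url_decode(head))
    # Pin the algorithm; the token must not choose it (blocks alg "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sign(f"{head}.{body}", SECRET), b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))  # read only after the signature check
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    return claims
```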

Integrations

You can use App ID with other IBM Cloud offerings.

Kubernetes Service
By configuring Ingress in a standard cluster, you can secure your apps at the cluster level. Check out the App ID authentication Ingress annotation to get started.
API Connect
When you create your APIs with API Connect, you can secure your applications at the gateway rather than in your app code.

Standards and certifications

App ID has successfully completed several certifications, audits, and standards.

App ID is based on a set of well-known, industry-standard protocols and specifications that are frequently found in both enterprise and consumer-facing applications: the OAuth 2.0 Authorization Framework and OpenID Connect. OAuth 2.0 is used to obtain and verify authorization for accessing protected resources. OpenID Connect then adds a layer of authentication and identity protection to your application.

See section 5.4 of the App ID software product compatibility report to review a complete list of certifications. In addition to the certifications, App ID is also compliant with the following specifications: OAuth 2.0, OpenID Connect, JSON Web Token (JWT), JSON Web Signature (JWS), and System for Cross-domain Identity Management (SCIM).