How to link account records together, then use a consistent access token identity in calls to APIs

curityio/account-linking-recipes

Account Linking Recipes

Demonstrates techniques for handling user accounts and access token identities.
Once each recipe is understood, it can also be adapted to other authentication providers.
When required, the use of actions can scale to provide solutions to complex problems.

Prerequisites

  • Ensure that Docker is installed
  • Copy a license file for the Curity Identity Server to the root folder
  • Install the ngrok tool to enable the use of online OAuth Tools for testing

Also, ensure that your computer's Curity Docker image is up to date:

docker pull curity.azurecr.io/curity/idsvr

Deployed System

The deployed system uses an Admin UI at https://localhost:6749/admin with a login of admin / Password1.
Use the Admin UI if you want to inspect the configuration and understand the use of actions.

Use Case 1: Default Passwords

Configure this use case with the following setup, to use default username and password based authentication:

export USE_NGROK=true
./deploy.sh
./apply-use-case.sh ./config/1-configure-default-passwords.xml

The Default Identity Behavior document explains this flow and its associated data.

Use Case 2: Add an Extra Login Method

Next, use Google as an extra login method, and link Google identities to accounts for existing and new users.
To test this scenario, redeploy the system with extra configuration:

export USE_NGROK=true
export GOOGLE_CLIENT_ID='myclientid'
export GOOGLE_CLIENT_SECRET='myclientsecret'
./deploy.sh
./apply-use-case.sh ./config/2-configure-extra-login-method.xml

The Extra Login Identity Behavior document explains this flow and its associated data.

Use Case 3: Use External Accounts

This scenario does not use the default password option and instead manages logins via Azure Active Directory.
The Azure AD identity becomes the main account, and other accounts can link to it:

export USE_NGROK=true
export AZURE_AD_METADATA_URL='https://login.microsoftonline.com/mytenantid/v2.0/.well-known/openid-configuration'
export AZURE_AD_CLIENT_ID='myclientid'
export AZURE_AD_CLIENT_SECRET='myclientsecret'
./deploy.sh
./apply-use-case.sh ./config/3-configure-external-accounts.xml

The External Account Identity Behavior document explains this flow and its associated data.

Use Case 4: Migrating to Passkeys

This scenario demonstrates an opt-in migration from passwords to passkeys.
Users can upgrade to passkeys, or continue to use passwords if they prefer.
The solution uses dynamic logic to identify the user's authentication method.

export USE_NGROK=true
./deploy.sh
./apply-use-case.sh ./config/4-configure-migrating-to-passkeys.xml

The Migrating to Passkeys Behavior document explains this flow and its associated data.

Free Resources

Run the following script to free up all Docker resources once you have finished testing:

./teardown.sh

Website Documentation

See the Account Linking Recipes website articles for the main documentation.

More Information

Please visit curity.io for more information about the Curity Identity Server.