Skip to main content

Platform Extensions and App Marketplaces

info

Authress Platform Extensions are a OAuth2.1 service platform. Your users can log into other services using their identity in your Authress account on your marketplace platform.

What are Platform Extensions?โ€‹

Manage extensions in the Authress Management Portal: platform extensions

This section refers to building an app Marketplace. Your product offers core features and part of the offering enables third party developers or customers to build plugins or extensions using your solution. A good example of this is Slack or Shopify. Those platforms offer third parties the ability to build extensions on top.

The security for your platform also needs to be centralized to extend security to these extension. Authress provides Platform Extensions as the solution.

Before we continue, let's highlight some vocabulary:

  • users - We'll refer to your first-class end-users as users, these users interact with your platform directly.
  • account owner - The user that owns the customer account.
  • extension developers - We'll reference to your users that create and deploy extensions for other users to log in as extension developers or developers.
  • SSO - the mechanism by which your users log into your platform, usually by redirecting them through Authress to their corporate IdP or using a federated login provider.
  • user identity or platform identity - The user's data related to their SSO login, their ID or sub generated by Authress.
  • extension identity - The user's data mapped from their platform identity to the extension also generated by Authress. This extension identity does not contain any user data from your platform or from Authress other than the tenantId. The keeps your users' data secure.

Extension componentsโ€‹

Here is a quick summary of the different components of extensions, each of these is a link to the follow sections in more details:

Users log into your platformโ€‹

Jump to logging into your platform

In your extension marketplace, you have two different kinds of users:

  • Users that log directly into your platform
  • Users who are developers who build extensions to be used with your platform

Developers create a third party extensionโ€‹

Jump to managing extensions

The developer users will create and register extensions in your platform. These extensions will have their own resources as well as attempt to access the resources of your logged in users. They will need at Authress service client. Authress service clients track programmatic entities and their permissions to access resources.

Users enable the extensionโ€‹

Jump to installing extensions

Once the extension is created by an extension developer, your users will have to enable that extension for their account. It would not make sense to grant every extension access to every one of your customer accounts. So there should be an explicit step that your users will go through to install or enable the extension.

Users log into the extensionโ€‹

Jump to extension authentication

After a user has enabled an extension for their account. They'll likely navigate to the extension to configure it. To do so they might go to a website created by the extension developer. That website will ask them to log in with their Platform Identity. This will direct them to your Authress managed login page to log in.