microsoft / appcenter

Central repository for App Center open source resources and planning.
https://appcenter.ms
Creative Commons Attribution 4.0 International
1.01k stars 225 forks

Bring your own identity management provider with App Center Auth #637

amchew closed 4 years ago

amchew commented 5 years ago

App Center Auth in early preview enables developers to connect to their Azure AD B2C tenant. However, we fully expect our developers to use other popular identity and access management providers such as Auth0, Firebase Authentication, and Ping Identity. To broaden our reach and support for Auth and Data, we will add the feature for developers to bring their own identity management providers with support for our MBaaS services. Developers will be able to connect their own identity management providers and use the JSON Web Token returned to identify the signed-in user (via account_id).

Leave a comment below on the identity access and management providers you are using, and any additional experiences that you may need!

Here are some sample designs:

[image]

For Auth0: [image]

For Firebase: [image]

Landing page: [image]

Behrad-iz commented 5 years ago

Do you guys have an estimation when this feature will be available? We need to use Auth0. Thanks.

amchew commented 5 years ago

Hey @Behrad-iz! We have the work queued up for Bring your own Identity with Auth0 in the next couple of months, and it is next on the priority list. I'd love to hear more about your use case. Would you be keen on chatting some time this or next week? Email me at amchew [at] microsoft [dot] com if so!

amchew commented 5 years ago

Hi @behrad-iz, thanks again for chatting today! The work for Bring your own Identity with Auth0 and Firebase Authentication has just been picked up by our engineering team today, and we will keep you updated on the progress! For the rest of the folks, we're looking for beta testers to give feedback, so feel free to comment here if you'd like to help us shape our product.

amchew commented 5 years ago

Thanks a lot @galfonso777 for the feedback! Will connect with you via email.

StarbuckSapien commented 5 years ago

The company I'm working with is using Amazon Cognito User Pools for B2C user authentication for their new Xamarin project.

amchew commented 5 years ago

Hi @StarbuckSapien, thanks for commenting :) We'll start with enabling users to connect to their Auth0 and Firebase Authentication tenants and projects respectively as these were the top two most used identity management providers based on a survey we conducted. Integrating with Amazon Cognito is on our roadmap.

Others, do upvote or comment if you're using Amazon Cognito! We do reprioritize based on your feedback.

gaurap commented 5 years ago

So the sub-claim used and how the new SID is calculated should be documented. From Firebase documentation we don't see the account ID. client_id and client_secret are today added as part of web app configuration. So how will those be set when using Firebase?

Firebase team didn't come with any new light on this. Only that there is no solution currently to integrate Azure to Firebase - except if we do something custom.

So for Firebase auth, it would help to describe in detail what happens to the user IDs, how stable they are and how they will be calculated.

[NOTE: I'm raising this on behalf of one of our customers]

amchew commented 4 years ago

Hey @gaurap, thanks for reaching out! The experience is easy when you connect your Firebase project to Auth: you just have to input the project id and we'll collect all the information from Firebase. You won't have to input client_id or client_secret.

Here's a sneak peek of what it looks like: [image] [image] [image]

Once the user has signed in to the app and the identity is stored in the Firebase tenant, you'll get back an account_id in App Center that you can use to uniquely identify that user.

Gakk commented 4 years ago

Hi. Our company noticed this issue in #1322, and is planning to integrate Auth0 with App Center.

Then I noticed the issue had been moved from September to October and now November. How is the priority between this issue and others on the plan for November? Do you believe it will be included this time? If there is a large probability it will be pushed to December, then we will have to make a temporary solution 😇

akamud commented 4 years ago

Our client has dropped the idea of using AppCenter Data because he has his own IdentityServer implemented and there is no way to use it as an identity provider for AppCenter Auth right now. At least not without having to maintain two user databases (his own and Azure B2C).

Any plans on supporting any OpenID provider? What would be the difference for Auth since my client’s IS exposes all the .well-known urls?

akamud commented 4 years ago

> Any plans on supporting any OpenID provider? What would be the difference for Auth since my client’s IS exposes all the .well-known urls?

Can anyone comment on these questions please?

bnoffer commented 4 years ago

I can second @akamud 's request, because our company has developed its own IDP. We could build a solution as a Federated IDP with Azure AD B2C, but I think eliminating the additional layer would be preferred so we do not generate two different user databases.

akamud commented 4 years ago

> I can second @akamud 's request, because our company has developed its own IDP. We could build a solution as a Federated IDP with Azure AD B2C, but I think eliminating the additional layer would be preferred so we do not generate two different user databases.

That is exactly what we are trying to avoid.

akamud commented 4 years ago

Hi @amchew, can you please provide any information about our requests?

marthinfreij commented 4 years ago

Would be nice with support for Sign in with Apple.

galfonso777 commented 4 years ago

@amchew Is App Center still being iterated and/or supported? Haven't seen any updates to iteration plans since December and haven't seen any roadmap for 2020. This is one of the several features that my company is monitoring which will determine how we implement Auth moving forward with all our applications. Any update you could provide would be much appreciated. Thank you.

Zakeelm commented 4 years ago

Thank you so much for your feedback. Unfortunately, this work won't be completed. We announced this week in a blog post that we’re retiring the Auth and Data services later this year and recommending customers transition to Azure Active Directory B2C and Azure Cosmos DB instead. Let me know if you have any additional questions about this transition and I'll make sure to get them answered! Closing this issue.