Authentication Service

The Identity Server can be used as an Authentication Service. How to enable and configure this is described in the admin guide for the Authentication Service. In this section of the developer manual though, we described, from a developer’s point of view, how to integrate with the Authentication Service.


Some authenticators can be interacted with through APIs. These are described in the Authenticators section.


Any Authentication Service profile can expose endpoints for:

Endpoints that are used to identify and authenticate an end user
Endpoints where a user can create a new account, provision a device, reset their password, etc.
Endpoints where un-authenticated access can be done, mostly informational pages, but can also be used for out of band mapping.

Registration and account activation are optional endpoints that will only be exposed if the requisite plug-ins are installed and the server is configured to provide them.