Secure your Cloud Native application with IBM Cloud App ID

Pradeep Gopalgowda
May 16, 2022

Developer time to value is critical when building applications. What’s even more important is ensuring that the right people are kept out and the right people are allowed in to access the valuable data served by applications. It’s critical in today’s world that the proper tools enable developers to rapidly build applications and provide robust security capabilities. By integrating IBM Cloud App ID into your apps, you can secure resources and add authentication even when you don’t have a lot of security experience.

What is IBM Cloud App ID?

IBM Cloud App ID is a cloud service that allows developers to easily add authentication and authorization capabilities to their applications while all the operational aspects of the service are handled by the IBM Cloud Platform.

IBM Cloud App ID

App ID is intended for developers that don’t need or want to know anything about various security protocols. The service provides capabilities like Cloud Directory (a highly scalable user repository in the cloud), enterprise identity federation, social login, SSO, customizable Login Widget UI, flexible access controls and user profiles, multi-factor authentication, a set of open-sourced SDKs for easy app instrumentation, and more.

A major benefit of using App ID is the deep integration with other IBM Cloud components that creates a seamless experience for easy protection of cloud native applications, including IBM Cloud Kubernetes Service, Cloud Functions, Cloud Foundry, API Connect, Activity Tracker, and more.

How does it work?

With App ID, you can add a level of security to your apps by requiring users to sign in. You can also use the server SDK or APIs to protect your back-end resources.

How App ID works

Tutorial: Protecting a Node.js web application running in Kubernetes with IBM Cloud App ID

In this tutorial you will deploy a simple Node.js web application in a Kubernetes cluster and protect it using the IBM Cloud App ID service.

Step 1: Create a service instance

Create and bind an instance of App ID to your app to get started.

  1. Check to be sure that you have the IBM Cloud prerequisites.
  2. In the IBM Cloud catalog, select App ID. The service configuration screen opens.
  3. Give your service instance a name, or use the preset name.
  4. Select your pricing plan and click Create.
App ID

That’s it! You’re ready to start configuring your application settings.

Step 2: Configure a sample app

Prerequisites:

Before you begin, make sure that the IBM Cloud CLI, docker and kubectl are installed and that you have a running Kubernetes cluster. You also need an IBM Cloud container registry namespace (see https://cloud.ibm.com/kubernetes/registry/main/start). You can find your registry domain and repository namespace by running:
      ibmcloud cr namespaces

  1. Download the sample node app.
  2. Log in to IBM Cloud:
      ibmcloud login --sso
  3. Run the following command; it outputs an export command:
      ibmcloud ks cluster-config {CLUSTER_NAME}
  4. Set the KUBECONFIG environment variable. Copy the output from the previous command and paste it in your terminal. The command output looks similar to the following example:
      export KUBECONFIG=/Users/$USER/.bluemix/plugins/container-service/clusters/mycluster/kube-config-hou02-mycluster.yml
  5. Bind the instance of App ID to your cluster:
      ibmcloud ks cluster service bind -c {CLUSTER_NAME} -n default --service {APP_ID_INSTANCE_NAME}

6. Find your cluster’s public endpoint {CLUSTER_ENDPOINT}. Note: If you are using the free version of Kubernetes (with only 1 worker node), you can use your node’s public IP instead, which you can find using:
      ibmcloud ks workers -c {CLUSTER_NAME}

7. Edit the kube_deployment.yml file.

Edit the image field of the deployment section to match your image name. The name of your image should be {REGISTRY_DOMAIN}/{REPOSITORY_NAMESPACE}/appid-node-sample:{APP_VERSION}.

Edit the Binding name field to match yours. It should be binding-{APP_ID_INSTANCE_NAME}.

Edit redirectUri’s value to include your cluster’s IP. The value should be http://{CLUSTER_ENDPOINT}/ibm/cloud/appid/callback

Optional: Change the value of metadata.namespace from default to your cluster namespace if you’re using a different namespace.

8. Build your Docker image:
      docker build -t {REGISTRY_DOMAIN}/{REPOSITORY_NAMESPACE}/appid-node-sample:{APP_VERSION} .

9. Push the image:
      docker push {REGISTRY_DOMAIN}/{REPOSITORY_NAMESPACE}/appid-node-sample:{APP_VERSION}

10. Deploy by executing:
      kubectl apply -f kube_deployment.yml

11. Now configure the OAuth redirect URL at the App ID dashboard so it will approve redirecting to your cluster. Go to your App ID instance at IBM Cloud console and under Manage Authentication->Authentication Settings->Add web redirect URLs add the following URL:
      https://{CLUSTER_ENDPOINT}:30000/ibm/cloud/appid/callback

Manage Identity Providers

12. You can see your sample running on Kubernetes in IBM Cloud:
      open http://{CLUSTER_ENDPOINT}:30000

13. Click on Login

Login page

14. Click Login with Google

Identity Providers

15. After signing in using the Google identity provider, you have successfully authenticated to your web application.

Authentication Success
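
The redirect URL appears twice in this tutorial: as redirectUri in kube_deployment.yml (step 7) and in the App ID dashboard (step 11). The following added example (not part of the original post or the sample app) is a Node.js check that the two agree in scheme, host, port and path; the function names and the 203.0.113.10 endpoint are constructed for illustration.

```javascript
// Added example: compare the redirect URI the app sends with the URLs
// registered in the App ID dashboard. All values below are constructed.
const PLACEHOLDER = /\{[A-Z_]+\}/;

function parts(uri) {
  const u = new URL(uri);
  // URL drops default ports, so restore them for an explicit comparison.
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  return { scheme: u.protocol.slice(0, -1), host: u.hostname, port, path: u.pathname };
}

function checkRedirectUri(appUri, registeredUris) {
  const problems = [];
  // Template placeholders left in either value mean a step was skipped.
  for (const uri of [appUri, ...registeredUris]) {
    if (PLACEHOLDER.test(uri)) problems.push(`unresolved placeholder in ${uri}`);
  }
  if (problems.length) return { ok: false, problems };

  const app = parts(appUri);
  const local = ['localhost', '127.0.0.1'].includes(app.host);
  if (app.scheme !== 'https' && !local) {
    problems.push('callback uses http: the authorization code crosses the network in cleartext');
  }
  // For each registered URL, list the components that differ from the app's URI.
  const diffs = registeredUris.map((r) => {
    const reg = parts(r);
    return Object.keys(app).filter((k) => app[k] !== reg[k]);
  });
  if (!diffs.some((d) => d.length === 0)) {
    if (diffs.length === 0) problems.push('no redirect URLs registered');
    diffs.forEach((d, i) =>
      problems.push(`no match with ${registeredUris[i]}: differs in ${d.join(', ')}`));
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample: 203.0.113.10 stands in for {CLUSTER_ENDPOINT}.
const endpoint = '203.0.113.10';
const manifestUri = `http://${endpoint}/ibm/cloud/appid/callback`;            // form used in step 7
const dashboardUris = [`https://${endpoint}:30000/ibm/cloud/appid/callback`]; // form used in step 11

console.log(checkRedirectUri(manifestUri, dashboardUris));
```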

Share your thoughts and experience. Thank you and Cheers!
