Authentication Providers

2 min read | Last updated :

Kisai supports a variety of authentication providers that can be setup for each realm. Below are the list of provider types that are supported on the platform.

Provider Type	Description	Template Variables
challenge	Password
magic	enable magic links for authentication	magic_link
magicnumbers	enable magic link numbers	num_1, num_2, num_3, magic_link_1, magic_link_2, magic_link_3
otpsms	OTPs sent over SMS	otp
otpemail	OTPs sent over email	otp
oauth	OAuth based, needs additional config at Tenant level
goauth	Google OAuth based, needs additional config at Tenant level
recaptcha
federation

Below is the list of platform supported Multi factor authentication (MFA) providers.

MFA Type	Description
otpmfa	SMS OTP
totpmfa	Time based OTP like Microsoft Authenticators
hotpmfa	Hash based SMS OTP like Google Authenticatore Counter based
webauthnmfa	Web Authentication

Setting up providers

Providers required at a product level needs to be setup. Below are the required parameters

Parameter	Description
name	name of the provider
type	provider type
mfa	required to enable multi factor authentication

Below is the sample providers.yaml file.

1
providers:
2
- name: password
3
  type: challenge
4
  mfa: otpmfa
5
  mfa: webauthnmfa
6
- name: passwordrecaptcha
7
  type: recaptcha
8
- name: google
9
  type: goauth
10
- name: o365
11
  type: oauth
12
  ...

Example 1 - Setup basic authentication

Let us enable password as basic authentication provider for sweetnothings.

providers.yaml

1
- name: password
2
  type: challenge

Let’s test this by providing email and password in our API request.

URL

1
/account/auth/login/password

Request

1
{
2
"email": "[email protected]",
3
"password": "abc$123"
4
}

Response

1
{
2
"refresh": "N0UxfaUcLj...",
3
"token": "eyJhbGciOiJ..."
4
}

Example 2 - Setting up MFA

Let us enable multi factor authentication with OTP as a provider for sweetnothings.

providers.yaml

1
providers:
2
...
3
- name: passwordotp
4
  type: challenge
5
  mfa: otpmfa

Let’s test this by providing password as the first step followed by OTP.

Step 1 : Request - Provide mobile and password

1
URL: /account/auth/login/passwordotp

1
{
2
    "mobile": "9999999876",
3
    "password": "abc$123"
4
}

Response

1
{
2
    "message": "mfa is required"
3
}

Step 2 : Request - Provide OTP

1
URL : /account/auth/login/passwordotp

1
{
2
    "mobile": "9999999876",
3
    "password": "abc$123",
4
    "otp": "788881"
5
}

Response

1
{
2
    "refresh": "i5xW7oZwBIMl..,.",
3
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6..."
4
}

Example 3 - Setting up passwordless authentication

Let us set up passwordless authentication through magic link for sweetnothings.

Step 1 - Request

URL

1
/account/auth/login/magiclink

Request

1
{
2
    "email": "[email protected]"
3
}

Response

1
{
2
    "message": "magic link generated successfully"
3
}

Step 2 - Email with magic link

Click on the login button in the email.

On click, the user is authenticated and directed to the landing page of the application.

Step 1 - Request for Magic Link

URL

1
/account/auth/login/magic02?token={token}

Request

1
{
2
    "email": "[email protected]"
3
}

Response

1
{
2
    "message": "magic link generated successfully"
3
}

Step 2 - Approve Magic Link

URL

1
/account/auth/login/magiclink?token={token}

1
{
2
    "email": "[email protected]"
3
}

Response

1
{
2
    "refresh": "rAjL54auCHjZrUSKHP....",
3
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6Ik..."
4
}