OAuth

Modern Developer Login Experiences: Cloudentity and Tyk API Gateway Developer Portal

Learn how Cloudentity provides better modern developer login experiences for Tyk Enterprise developer portal

Enhancing Developer Login Experiences

In the rapidly evolving landscape of API management, the developer experience is a critical factor. Developers are the backbone of any API-driven ecosystem. Their experience in interacting with API gateways directly influences productivity, innovation, and overall satisfaction. The login process is a pivotal point in this experience, often determining the ease with which developers can access and work with APIs.

In this blog post, we’ll explore how Cloudentity is elevating the developer login experience, seamlessly integrating with Tyk Enterprise Developer Portal to enhance security, streamline workflows, and – ultimately – empower developers.

Traditional login methods can be cumbersome, requiring multiple credentials, posing security risks, and causing friction in the development process. As organizations scale and their API ecosystems grow, addressing these challenges becomes paramount. Cloudentity recognizes this need and can integrate easily with Tyk to redefine and elevate the developer login experience.

Let’s dive into how we connect Tyk Enterprise Developer Portal with Cloudentity platform for developer organization and developer user management and administration.

Cloudentity developer experience

Prerequisites

Configure Cloudentity for Developer Organization and User Management

  1. Create a workspace of the Consumer Applications and Services type within Cloudentity.

  2. Select Organizations and create a new organization.

    Cloudentity developer organizations

    Your organization is ready! Now you may:

Add Client Application for Tyk Integration

Create an application in Cloudentity for Tyk Identity Broker Integration. Do not worry about setting redirect URIs yet.

You can find all client app’s credentials and useful endpoints in the application’s Overview tab. Later on, you will use them to configure the Tyk Identity Broker.

Creating App

Install and Run Tyk Self-Managed

We chose the Self Managed option for this demonstration as it contains the Enterprise Developer Portal for developers. Follow official Tyk instructions by signing up for free quickstart trial.

Note

Before you run Tyk, create a secret for the Tyk Identity Broker to talk to Tyk Enterprise Developer Portal internally.

This can be configured by setting this environment variable in tyk_portal.env

PORTAL_API_SECRET=your-portal-api-secret

Configure and Run Tyk Identity Broker

More details on Tyk Identity Broker and its configurtion can be found in this Tyk article.

Below configurations has the value of PORTAL_API_SECRET (your-portal-api-secret) referenced under:

  • profile.json -> IdentityHandlerConfig -> DashboardCredential
  • tib.conf -> TykAPISettings -> DashboardConfig -> AdminSecret

tib.conf also has docker network IP of other Tyk components which can be obtained using docker inspect tyk-pro-docker-demo_tyk

Adjust the below configuration files. You can find all client credentials and endpoints needed in the client application you created in Cloudentity.

  • .profiles.json
 [{
 "ActionType": "GenerateOrLoginDeveloperProfile",
 "ID": "1",
 "IdentityHandlerConfig": {
  "DashboardCredential": "your-portal-api-secret"
 },
 "OrgID": "0",
 "ProviderConfig": {
  "CallbackBaseURL": "http://localhost:3010",
  "FailureRedirect": "http://localhost:3001/?fail=true",
  "UseProviders": [{
   "Name": "openid-connect",
   "Key": "REPLACE_WITH_CLOUDENTITY_OAUTH_CLIENT_ID",
   "Secret": "REPLACE_WITH_CLOUDENTITY_OAUTH_CLIENT_SECRET",
   "Scopes": ["openid", "email"],
   "DiscoverURL": "REPLACE_WITH_CLOUDENTITY_WELL_KNOWN_URL",
   "SkipUserInfoRequest": true
  }]
 },
 "ProviderName": "SocialProvider",
 "ReturnURL": "http://localhost:3001/sso",
 "Type": "redirect",
 "DefaultUserGroupID": "1"
}]

For example, the UseProviders section will look like this

"UseProviders": [
    {
        "Name": "openid-connect",
        "Key": "1774d147a16a43528e2f0434af896900",
        "Secret": "REDACTED____REPLACE_WITH_CLOUDENTITY_OAUTH_CLIENT_SECRET",
        "Scopes": ["openid", "email"],
        "DiscoverURL": "https://ce-se-demo.us.authz.cloudentity.io/ce-se-demo/tyk-gateway-demo/.well-known/openid-configuration",
        "SkipUserInfoRequest": true
    }]
  • .tib.conf
{
 "Secret": "test-secret",
 "log_level": "debug",
 "HttpServerOptions": {
  "UseSSL": false,
  "CertFile": "./certs/server.pem",
  "KeyFile": "./certs/server.key"
 },
 "SSLInsecureSkipVerify": true,
 "BackEnd": {
  "Name": "in_memory",
  "IdentityBackendSettings": {
   "Hosts" : {
    "172.21.0.5": "6379"
   },
   "Password": "",
   "Database": 0,
   "EnableCluster": false,
   "MaxIdle": 1000,
   "MaxActive": 2000
  }
 },
 "TykAPISettings": {
  "GatewayConfig": {
   "Endpoint": "http://172.21.0.2",
   "Port": "8080",
   "AdminSecret": "352d20ee67be67f6340b4c0605b044b7"
  },
  "DashboardConfig": {
   "Endpoint": "http://172.21.0.4",
   "Port": "3001",
   "AdminSecret": "your-portal-api-secret"
  }
 }
}

Once configured, run the Tyk Identity Broker.

docker run -p 3010:3010 --network=tyk-pro-docker-demo_tyk -e TYK_LOGLEVEL='debug' -v $(pwd)/confs/tib.conf:/opt/tyk-identity-broker/tib.conf -v $(pwd)/confs/profiles.json:/opt/tyk-identity-broker/profiles.json tykio/tyk-identity-broker:v1.4

Verify Integration

Now that the configuration is complete and all components are running, let’s try to authenticate a developer via Cloudentity and then let the developer seamlessly access the Tyk Enterprise Developer Portal.

  1. Launch the login URL.

    http://localhost:3010/auth/1/openid-connect
    
  2. Sign in a developer using one of the methods you configured in Cloudentity.

Cloudentity developer user management

You should be able to access the Tyk Enterprise Developer Portal.

Cloudentity developer user management

Now that you have seen how easily you can integrate Cloudentity with Tyk Enterprise developer portal for developer organization and developer onboarding. Cloudentity also provides capability for delegated management of developers to dedicated organization administrators using Cloudentity delegated B2B functionality

Summary

By prioritizing simplicity, security, and scalability, Cloudentity integration with Tyk API Gateway developer portal empowers developers to unleash their full potential in building innovative applications. As organizations continue to embrace API-driven strategies, the seamless integration of identity and access management with API gateways becomes not just a convenience but a strategic necessity.

Updated: Nov 16, 2023