Applications
FoxIDs becomes an OpenID Provider (OP) or Identity Provider (IdP) by registering an application. Application registrations connect your applications and APIs to FoxIDs, select the allowed authentication methods, and define how tokens or assertions are issued.
External IdPs are connected with authentication methods. By combining a SAML 2.0 authentication method with an OpenID Connect application registration, FoxIDs can act as a bridge between SAML 2.0 and OpenID Connect.
Application registration types
FoxIDs supports three application registration types:
- OpenID Connect application registration
- OAuth 2.0 application registration
- SAML 2.0 application registration
JWT and SAML
OpenID Connect, OAuth 2.0, JWT, and JWT claims are first-class citizens in FoxIDs. Internally, claims are always represented as JWT claims, and request and response properties use OAuth 2.0 and OpenID Connect attributes.
FoxIDs converts between standards by normalizing attributes into that internal representation. Therefore, SAML 2.0 claims are converted to JWT claims between the authentication method and the application registration.
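A minimal sketch of the SAML-to-JWT claim normalization described above, added here as an example and not FoxIDs' own code. The `CLAIM_MAP` allowlist, the function name and the sample attribute statement are assumptions, and the assertion is assumed to have been signature-validated before this step.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed allowlist of SAML claim URIs -> JWT claim names (illustrative, not FoxIDs' table).
CLAIM_MAP = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "sub",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "email",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "given_name",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "family_name",
    "http://schemas.microsoft.com/ws/2008/06/identity/claims/role": "role",
}

# Constructed sample input: one single-valued, one multi-valued, one unmapped attribute.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
    <saml:AttributeValue>admin</saml:AttributeValue>
    <saml:AttributeValue>auditor</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:example:internal:debug">
    <saml:AttributeValue>true</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def saml_attributes_to_jwt_claims(statement_xml, claim_map=CLAIM_MAP):
    """Return (claims, dropped): JWT-style claims and the unmapped SAML attribute names."""
    # Assumes the enclosing assertion's signature was verified before parsing.
    root = ET.fromstring(statement_xml)
    collected, dropped = {}, []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        jwt_name = claim_map.get(name)
        if jwt_name is None:
            dropped.append(name)  # allowlist: unmapped attributes never reach the token
            continue
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        collected.setdefault(jwt_name, []).extend(v for v in values if v)
    # A single value becomes a string claim; several values become a JSON array claim.
    return ({k: v[0] if len(v) == 1 else v for k, v in collected.items() if v}, dropped)
```

Logging the `dropped` list makes it visible when an external IdP starts sending attributes the mapping does not cover.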
Connect applications and APIs
When you register an application with either OpenID Connect or SAML 2.0, FoxIDs becomes the OP or IdP for that application.
You most often connect applications and APIs, but an application registration can also issue tokens to an external system where that system is the relying party.
OpenID Connect and OAuth 2.0
It is recommended to secure applications and APIs with OpenID Connect and OAuth 2.0. See .NET Samples for end-to-end examples.
How-to guides:
- Connect Tailscale
SAML 2.0
Configure a SAML 2.0 application registration to make FoxIDs act as an Identity Provider (IdP).
How-to guides:
- Connect AD FS
- Connect Amazon IAM Identity Center
- Connect Google Workspace
- Connect Microsoft Entra ID
- Connect Context Handler test IdP (Danish identity broker)
Sample applications and APIs
FoxIDs cloud is configured with the test tenant test-corp. The tenant is configured with application registrations for the sample apps and APIs.
- Open the OpenID Connect sample to test user sign-in, inspect claims, and call protected APIs.
- Test token exchange flows in the online sample after sign-in, or see the token exchange docs.
- Review .NET Samples for local sample setup, sample categories, and direct links to the sample source code.