Custom Authentication

Overview

Cadana provides the flexibility for customers to integrate their own authentication engines, ensuring a seamless login experience for users. This feature allows the preservation of existing user management systems and authentication flows, enhancing user experience and security.

Supported Authentication Engines

Cadana supports integration with popular authentication engines like AWS Cognito, Auth0, and Stytch. If you're utilizing a custom authentication engine, please contact your account manager to confirm compatibility. Note that any custom authentication engine must be ISO and SOC 2 compliant to ensure security and compatibility.

Configuration Steps

1. Set ISS and JWKS Endpoints

Configure the ISS (Issuer) and JWKS (JSON Web Key Set) endpoints in the platform settings. These endpoints are essential for validating and decoding JWT tokens issued by your authentication engine.

2. Update User Subject

For every user that needs to log in, set the custom sub (subject) on the user object using the Update User Subject endpoint. This step ensures that Cadana can map a user in your authentication engine to a user in the Cadana platform.

3. Exchange JWT Token

Call the Exchange JWT Token endpoint with a valid token from your authentication engine. Cadana will exchange this token for a one-time redirect token.

4. User Login

Use the one-time redirect token to log the user in seamlessly. The login URL will depend on whether you are using the default Cadana domain or a custom domain.

For the default Cadana domain:
https://app.cadanapay.com/login?redirectToken={{redirectToken}}
For a custom domain:
https://{{customDomain}}/login?redirectToken={{redirectToken}}

Conclusion

Custom authentication integration ensures that your users enjoy a seamless and secure login experience, aligning with your existing user management and authentication systems. Ensure to follow the outlined steps for a successful integration and contact your account manager for any specific needs or clarifications.