We’re excited to announce that Pangea has added Authentication (AuthN) to our Security Platform as a Service (SPaaS). This is a major step for us as we aim to deliver a comprehensive set of services that any developer can use. So let’s dive in and cover everything you need to know about Pangea’s AuthN service.
Why is Pangea delivering AuthN?
We know there are a lot of AuthN providers out there for developers to choose from. However, we also know that delivering a secure application may start with AuthN, but it does not end with AuthN. There are several other critical services necessary, and a long tail of other valuable security services that developers can use, and Pangea is delivering those services for developers in one location. We’ve built many of them already, such as Secure Audit Log, Vault, Redact, IP Intelligence, File Intelligence, and many others. So while building this modern security platform for developers, we knew we had to add AuthN to the list of services we deliver, making the overall effort to develop a secure application much more efficient.
Why is this AuthN beta important for you, the developer? And what do you get out of it?
It’s a quick and easy way to get secure authentication into your app. The service and its APIs are efficient and save you a lot of time in implementation.
Using Pangea’s AuthN sets your app up to take advantage of existing and future services in Pangea very easily by having the user pool for AuthN within the Pangea platform. Examples include things like intelligence lookups on users - password breach lookups, IP reputation, and domain reputation lookups - as well as tighter integration with services like Vault (current), Secure Audit Logging (current), and AuthZ (future).
We want to hear from you (calling all developers). If you like giving direct feedback to companies who listen, we’d like to talk to you. If you don’t like current AuthN products and want to shape the roadmap of our new AuthN service, we’d like to talk to you.
What you need to know about the beta:
Since the service is in beta, Pangea does not recommend using this service in production. If you have any questions about production usage, or timing of when GA will be available, please reach out to us on our Slack channel.
For integration, we currently have direct REST APIs and a Python SDK. Throughout the beta period we will be releasing SDKs for Node.js, Java, GoLang, and C#, and we'll be releasing new features as well. Stay tuned for updates via our Slack channel or by signing up for our newsletter.
We’re looking for developers to test AuthN out and give us feedback on all aspects of the service (development experience, endpoint/API feedback, setup feedback, performance observations, new features, or any other feedback). There are two ways to do this:
Join our Slack channel and share the feedback there
Email us with feedback or suggestions: feedback@pangea.cloud
What can you do with the service today:
The following is a breakdown of the features you can expect out of Pangea’s AuthN. Note that all of these features are configurable through our console, and are usable through APIs (REST and Python SDK today).
Support for multiple authentication methods
Social (OAuth) - The following social auth providers are available: Google, GitHub.
Email/password based authentication - This includes support for password complexity options. If you want to disable email/password AuthN, you’re free to. Many developers do this and enable just social auth methods.
Multi-factor authentication (MFA)
You can configure the option to require MFA when your users log in. The following MFA methods are supported today:
Authenticator app
Email code - users receive a 6-digit code via email
SMS code - users receive a 6-digit code via SMS
Hosted login pages
You can simplify your development work by using Pangea’s hosted login pages for the authentication flow of your app. All you need to provide is a redirect URL to which your users are returned after an authentication flow is complete.
Customized branding
Everything about the login form is customizable. There are presets you can use (e.g. Pangea, Discord, Browserflix, Ravean), or you can create your own look and feel. Change any of the following in the console:
Logo image
Logo size
Favicon
Background image
Support email
Advanced AuthN settings
The other features that can be customized are:
Session management tokens: Choose between opaque session tokens (default in Pangea) or JSON Web Tokens (JWTs). A bonus of using JWTs is that you can use Pangea’s native Vault service to manage the signing key for the JWTs. Read more about that in our documentation for both AuthN and Vault.
Adjustable token lifetimes: You can configure session, JWT and refresh token lifetimes. The lifetimes will determine how long tokens generated by the AuthN service are valid before expiring.
Allow signups: Allows users to sign up and create new accounts. Disabling this feature means that only invited users will be able to create accounts.
CAPTCHA verification: Who doesn’t want more CAPTCHA? Well, you can choose whether to require users to complete a CAPTCHA to sign up or disable it.
Email verification: Require users to verify their email address before the account creation process is complete.
Customized Messaging
Pangea’s AuthN service handles all of the communications between the application’s auth flow and the user. However, you can customize the messages in flows such as email verification, email invitation, password reset, and your MFA email.
User pool management
All users who are signed up or created are stored in the user pool. You can view, sort, and manage users from the Users section of the console. Managing users via API is also available (e.g. create user, delete user, change password, invitations, and all other user operations).
Invitation management
As with user management, you can see all of the invitations that have been sent. This includes the target user email, the inviter, status, creation time, and expiration time. These invitations can be managed from the console (e.g. revoke an invitation) and via API.
Sample App - Next.js
There is a great sample app that integrates Pangea’s AuthN with Next.js, showing a simple way to add authentication to your web application. It includes examples of how to implement user sign-up, sign-in, and sign-out functionality, and how to protect client-side pages and API endpoints from public access. The example also includes instructions on setting up the Pangea AuthN service for your project and deploying your application. Check out the code on the GitHub repo here or watch a recorded demonstration here.
Most Next.js applications need authentication to protect specific pages and API endpoints from general public visibility. This example shows how you can easily add authentication to your Next.js app using the Pangea AuthN service.
What’s next?
Check the service out. Integrate it into an app. Tell us what you think - we want to hear from you. Even better - create an app as part of our active hackathon that is going on now. Have fun, and please share your experience with us on Slack.