Configure an auth provider

Auth providers are configured through the NetFoundry Frontdoor REST API. Each auth provider defines how users authenticate with external identity providers before accessing your shares.

Steps

Frontdoor console

1. From the Frontdoor console, click Authentication in the left-hand menu.

2. Click the + icon to create a new auth provider.

3. Fill in the auth provider fields:

   • Name: Enter a name for the auth provider.
   • Type: Select the type of auth provider you want to create (OIDC, GITHUB, or GOOGLE).
   • Client ID: Enter the client ID obtained from your identity provider.
   • Client secret: Enter the client secret obtained from your identity provider.

   

   For Standard OIDC only:

   • Scopes: Enter the OAuth scopes to request (e.g., openid, email).
   • Issuer URL: Enter the issuer URL for your OIDC provider; used for auto-discovery of endpoints.
   • Discovery URL: (Optional) Enter the discovery URL for your OIDC provider. If left blank, it will be derived from the issuer URL.
   • Supports PKCE: Check this box if your OIDC provider supports PKCE (Proof Key for Code Exchange).

4. Click Create.

   Your auth provider is created and can be selected when creating an OAuth-protected share.

Command-line interface

Use the REST API to create an auth provider for Frontdoor. Choose from one of the 3 supported provider types and make sure to replace placeholders with your actual values:

OIDC

curl -X POST "https://api.netfoundry.io/frontdoor/{frontdoorId}/auth-providers" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-api-token>" \
  -d '{
    "name": "oidc-auth",
    "type": "OIDC",
    "config": {
      "client_id": "<oidc-client-id>",
      "client_secret": "<oidc-client-secret>"
      "scopes": ["openid", "email", "profile"],
      "issuer": "https://your-oidc-provider.com"
    }
  }'

GITHUB

curl -X POST "https://api.netfoundry.io/frontdoor/{frontdoorId}/auth-providers" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-api-token>" \
  -d '{
    "name": "github-auth",
    "type": "GITHUB",
    "config": {
      "client_id": "<github-client-id>",
      "client_secret": "<github-client-secret>"
    }
  }'

GOOGLE

curl -X POST "https://api.netfoundry.io/frontdoor/{frontdoorId}/auth-providers" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-api-token>" \
  -d '{
    "name": "google-auth",
    "type": "GOOGLE",
    "config": {
      "client_id": "<google-client-id>",
      "client_secret": "<google-client-secret>"
    }
  }'

Supported provider types

NetFoundry Frontdoor supports three types of OAuth providers:

• OIDC: Standard OpenID Connect provider for custom identity providers
• GITHUB: GitHub OAuth authentication
• GOOGLE: Google OAuth authentication

Configuration parameters by provider type

Each provider type requires specific configuration parameters:

OIDC (OpenID Connect)

• client_id: OIDC client ID from your identity provider
• client_secret: OIDC client secret from your identity provider
• issuer_url: The issuer URL for your OIDC provider
• scopes: Array of OAuth scopes to request (e.g., ["openid", "email", "profile"])

Google OAuth

• client_id: Google OAuth client ID from Google Cloud console
• client_secret: Google OAuth client secret from Google Cloud console

GitHub OAuth

• client_id**: GitHub OAuth app client ID
• client_secret: GitHub OAuth app client secret

Next steps

• Create an OAuth-protected share using the configured auth provider.
• Learn more about authentication.
• Review the auth provider API guide.