Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you have an app where users need to authenticate, you can improve security by adding federated authentication to your app. You can should use OpenID Connect for thatOpenID Connect OpenID Connect as an identity layer. This will allow your client to verify the identity of the end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user. SURFnet offers a code base you can embed in your code. SAML is not suited for this. Read on to learn more about adding federated authentication in your app.

Best practices of apps and user authentication

The IETF How to setup your user authentication in apps is well documented. Please refer to articles online when you connect to SURFconext. The Internet Engineering Task Force (IETF) has published a list of recommended best practices for security and user experience around use of these specifications in native apps. Please read this Read the Ping Identity blog about it: .if you want to know more about this. The Carnegy Mellon CERT also published a blog , about what makes a what about good app authentication.

How adding federated authentication improves security

Offering your customers federated authentication the right way means end-users visually only hand off their password to their home organisations (like an institution)organizations, and see a their familiar home-organisation organization login page. Opposed to this are app-developers offering their own in app login page: by doing that, users get more vulnerable to phishing attacks, since they get used to inputting their passwords in all kinds of apps. App-developers offering ‘the right’ way of federated authentication can use this in their sales pitch to prospective new customers!

Ways of adding federated authentication in your app

You have a couple of options to do great authentication in your app. Check out our SSO-Libraries and read more about this:

But my own in app login page looks far better!

One of the most heard objectives to ‘doing login right’ is : that the user-flow /or user-experience is worse than when I you just offer 2 input fields , one for a userid user id and another for a password. This is true. But why do you think might be true but realize that   companies like Google and , Facebook , and IETF, and the Internet Engineering Task Force use and recommend the ‘right’ way? Because helping this simply because this helps keeping the end user stay secure is more important!which is of the utmost importance.

More information

We blogged about the SURFnet-SDK:


our SURF software development kits to have federated login to native applications (the right way)


If you want more information, please email  or contact us at