Skip to main content

Authentication

The Authentication service is a core component of the Blocks Cloud Platform. It enables users to configure and manage authentication settings for their Construct projects. By customizing these settings, teams can implement secure and flexible authentication methods tailored to their application’s needs.

Sections of Authentication

The Authentication service is divided into the following sections:

  • General
  • Client Credentials
  • SSO (Single Sign-On)
  • External IdP (Identity Provider)

Configuring General Authentication Settings

The General section provides two key areas for setting up authentication in a Construct app:

  • Settings
  • Grant Types

Settings

The Settings tab defines the rules for user authentication. Authentication

OptionDescription
Access Token ValiditySets how long an access token remains valid.
Refresh Token ValidityDetermines the validity period for refresh tokens.
‘Remember Me’ Token ValidityControls session duration when the “Remember Me” option is enabled.
Max Wrong Attempts Before LockDefines the number of failed login attempts allowed before an account is locked.
Account Lock DurationSpecifies how long an account remains locked after exceeding the allowed failed attempts.

Steps to Configure Settings

  1. Go to Core Services → Authentication .
  2. On the landing page, the General tab will be open by default.
  3. Click the Edit icon in the Settings table.
  4. A pop -up window will appear.
  5. Enter your preferred values for each field.
  6. Click Save to apply the changes.

Grant Types

The Grant Types tab allows users to choose which authentication methods will be available in the Construct app.

Available options include:

  • Email/Password
  • Social Login
  • Client Credentials

Steps to Configure Grant Types

  1. On the General tab (visible on the Authentication landing page), locate the Grant Type table.
  2. Use the checkbox to select one or multiple options.
  3. Click Save to confirm your selections.
note

To enable Single Sign -On (SSO) and Client Credential , you must complete the configuration in the SSO and client credential also

Configuring Client Credentials Settings

Authentication

Steps

  1. On the Client Credentials tab.
  2. Click Create to generate a new client.
  3. Enter the required details:
    a. Client Name
    b. Roles
  4. Click Save to create the client.
    View the generated Client Secret and copy it for use in your application.

Configuring SSO Settings

The Social section allows you to enable Single Sign -On (SSO) using popular identity providers.
Supported Providers:

  • Google
  • Microsoft
  • Others (coming soon)

Steps to Configure SSO
Authentication

  1. Go to Core Services → Authentication .
  2. On the landing page, open the SSO tab.
  3. Locate your desired SSO provider and click the three -dot menu → Configure .
  4. A configuration page will appear asking for necessary details.
  5. Register your application with the selected SSO provider to obtain the following credentials:
    a. Client ID
    b. Client Secret
    c. Redirect URL
    d. Audience
    e. Add other necessary fields.( use setup guide for better understanding)
  6. Enter these details into the configuration form.
  7. Click Save to apply the settings.
    Optional: Set Roles and Permissions
    You can restrict SSO access based on user roles.
    → Example: Only users with the admin role can log in using Google SSO.

Configuring External IdP Settings

Configure an External Identity Provider (IdP) to allow users to log in using accounts from trusted systems such as Keycloak , Okta , Auth0 , or Azure .

Steps to Configure External IdP

  1. Go to Core Services → Authentication .
  2. On the landing page, open the External IdP tab.
  3. In the pop -up page, choose your preferred setup method:
    a. Public URL
    b. JWKS URL
    c. PFX File

If you select Public URL:

  • Enter a direct HTTPS link to the certificate.
  • Provide the Password , Audience , or Issuer if required.
  • Click Save to complete the configuration.

If you select JWKS URL:

  • Enter the JSON Web Key Set (JWKS) endpoint URL.
  • Add Audience or Issuer if needed.
  • Click Save to complete the configuration.

If you select PFX File:

  • Upload the PFX file (maximum size: 5 MB ).
  • Enter the Password , Audience , or Issuer as required.
  • Click Save to complete the configuration.