Skip to main content

Adding the Proxy SDK to an Application Server

The Proxy SDK makes it easy for an application server to make use of the /token API in native flows.

It is loosely coupled to the Browser SDK, and does not impose any specific deployment requirements on the application. This lets the developer control how the login form interacts with the backend application.

Browser and proxy SDKs interacting

In order to use the Proxy SDK, there are three things which the Application server login API must provide:

  • Session ID - which is provided by the Browser SDK. See the steps on performing collection for information on how this is provided.
  • IP Address - Either retrieved directly from the request, or consumed from a header provided by the endpoint which received the request (i.e. X-forwarded-for).
  • User-Agent - a standard header included in HTTP requests (i.e. User-Agent).

These values are passed into the Proxy SDK and are used to populate the context which is passed to /token.

The proxy SDK is available from GitHub or via npm.

Install the proxy SDK with:

npm install adaptive-proxy-sdk

Include the Proxy SDK in your application:

const Adaptive = require('adaptive-proxy-sdk');

Then initialize an adaptive object:

const adaptiveConfig = {
    tenantUrl: '', // Your Security Verify tenant URL
    clientId: '8937e946-82eb-48bc-a857-b62425f645bd', // Your Security Verify client ID
    clientSecret: 'aHVudGVyMjIK', // Your Security Verify client secret.
const adaptive = new Adaptive(adaptiveConfig);

For steps on getting a clientId and clientSecret see Onboarding Native Apps.

Note: In production usage the clientSecret should be retrieved from a secure store managed by the applications deployment. Note: The client_id and client_secret being used by the adaptive SDK are application credentials, not API client credentials.

Now with the SDK initialized, we can authenticate a user.

Next: Using the Proxy SDK to Authenticate a User

Previous: Hosting a Well-Known Static Resource