Authentication
External Identity Providers
Authenticate with Supabase, Firebase, Auth0, and other IdPs
CloudSignal integrates with popular identity providers for seamless authentication.
Supported Providers
- Supabase - Full support with JWT verification
- Firebase - Firebase Auth token validation
- Auth0 - OIDC/JWT integration
- Custom OIDC - Any OpenID Connect compliant provider
Supabase Integration
Acquire a session token from Supabase, then exchange it for CloudSignal MQTT credentials with connectWithToken.
import CloudSignal from '@cloudsignal/mqtt-client';
import { createClient } from '@supabase/supabase-js';
const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY);
const client = new CloudSignal({ preset: 'desktop', autoRefresh: true });
const { data } = await supabase.auth.getSession();
await client.connectWithToken({
organizationId: 'your-org-id',
provider: 'supabase',
externalToken: data.session?.access_token
});Firebase Integration
import CloudSignal from '@cloudsignal/mqtt-client';
import { getAuth } from 'firebase/auth';
const auth = getAuth();
const client = new CloudSignal({ preset: 'desktop', autoRefresh: true });
const idToken = await auth.currentUser?.getIdToken();
await client.connectWithToken({
organizationId: 'your-org-id',
provider: 'firebase',
externalToken: idToken
});Auth0 Integration
import CloudSignal from '@cloudsignal/mqtt-client';
import { useAuth0 } from '@auth0/auth0-react';
function useCloudSignal() {
const { getAccessTokenSilently } = useAuth0();
async function connect() {
const client = new CloudSignal({ preset: 'desktop', autoRefresh: true });
const accessToken = await getAccessTokenSilently();
await client.connectWithToken({
organizationId: 'your-org-id',
provider: 'auth0',
externalToken: accessToken
});
return client;
}
return { connect };
}Custom OIDC Provider
For any OIDC-compliant provider:
const client = new CloudSignal({ preset: 'desktop', autoRefresh: true });
// Return a JWT from your auth system
const accessToken = await yourAuthSystem.getAccessToken();
await client.connectWithToken({
organizationId: 'your-org-id',
provider: 'oidc',
externalToken: accessToken
});Backend Configuration
Register your IdP in CloudSignal dashboard:
- Go to Settings → Authentication
- Click Add Identity Provider
- Select provider type and enter:
- JWKS URL (for JWT verification)
- Issuer URL
- Audience claim
- Map user claims to CloudSignal permissions
Token Refresh
Enable autoRefresh when constructing the client and the SDK renews the exchanged broker credentials before they expire. Use the token lifecycle callbacks to observe refreshes and react to problems:
const client = new CloudSignal({ preset: 'desktop', autoRefresh: true });
client.setTokenRefreshedCallback(() => {
console.log('Broker credentials refreshed');
});
client.setTokenExpiringCallback(() => {
console.log('Token is about to expire');
});
client.setTokenErrorCallback((error) => {
console.error('Token refresh failed', error);
});
const { data } = await supabase.auth.getSession();
await client.connectWithToken({
organizationId: 'your-org-id',
provider: 'supabase',
externalToken: data.session?.access_token
});Handling Auth State Changes
React to authentication state changes:
// Supabase example
supabase.auth.onAuthStateChange(async (event, session) => {
if (event === 'SIGNED_IN') {
await client.connectWithToken({
organizationId: 'your-org-id',
provider: 'supabase',
externalToken: session?.access_token
});
} else if (event === 'SIGNED_OUT') {
await client.disconnect();
}
});Error Handling
client.setAuthErrorCallback((error) => {
console.error('Authentication failed', error);
// Redirect to login so the user can re-authenticate with the IdP
window.location.href = '/login';
});