We take a look at Curity Identity Server Community Edition, a free identity management solution to secure API access and protect users.

Disclaimer: Curity is a Nordic APIs sponsor.

Our digital lives and the real world are virtually indistinguishable from one another at this point. It’s not uncommon to simply grab your phone on the way out the door, serving as your wallet, your bus pass, your entertainment, and even, in some circumstances, your identification.

While this is a dream come true in terms of convenience, it also could become a waking nightmare. Stop for a moment and think about what could happen if you lost your phone while signed into all of your accounts. This is just one spine-chilling example of why identity asset management is so vital in today’s development world.

Enter Curity, one of the most popular and highly-regarded identity asset management tools, connecting your apps and development projects to OAuth and OpenID from one convenient location.

Curity has recently released Version 5.4.0, which offers a Community Edition giving developers access to Curity’s identity management tools for free under a special license. We’ve gone ahead and popped the hood of Curity Identity Server Version 5.4.0 Community Edition for a thorough review to see if it’s worth your while to add to your development stack.

Without further ado, here’s our review of the Curity Identity server community edition.

Getting Started With Curity Identity Server

For the sake of this review, we’re using Docker to launch and run Curity.

If you’d like to take a look for yourself, open Terminal and input the following:

docker run -it -e PASSWORD=<set_admin_password> -p 6749:6749 -p 8443:8443 curity/idsvr

This is an example of the standard code you’ll use to run a container in Docker. It pulls the most recent build of idsvr if you haven’t already downloaded it. It also opens up Port 6749, which is the default port Curity is configured to use.

Note that you’ll need to set an admin password after PASSWORD=. You’ll need that to log into Curity’s dashboard.

After that code runs, navigate to localhost:6749/admin. You’ll need to verify the page with Google’s security. Then you’ll be given access to Curity’s admin dashboard, where you can use and monitor all of its features from one convenient location.

If this is your first time logging into Curity, you’ll need to run the Startup Wizard to configure a few things before you can use the Identity Server in earnest.

You’ll need to set up a database for storing tokens, an email server for sending emails for verification purposes, and a few other odds and ends. Luckily, all of this comes pre-configured in the Setup Wizard, so you can just use the factory settings. It only takes a couple of minutes to get up and running.

Basic Setup Wizard

When you first login into Curity’s dashboard, you’ll be directed towards a basic setup wizard. If you’re using the factory settings, it’s fairly simple and only takes a minute or two.

One thing to note is that Curity offers an impressive array of tutorial materials to get you started. The video materials are streamlined and efficient, packing a truly dense amount of information into a short amount of time. For example, this video demonstrates setting up a username and password authenticator. Be advised that some of the terminologies vary between the videos and the software, however. We recommend going through the written tutorials when you’re first installing and configuring Curity.

The tutorials also show you how to set up your first authenticator and token service. Going through the tutorials is fairly mandatory as you’ll need to configure Curity before using it. It’s a good idea to get some of Curity’s code under your fingertips, as well, to get comfortable and acclimated to its commands.

Curity Overview

Curity’s primary use cases include:

  • Securing APIs, apps, and websites using OAuth 2.0 and OpenID Connect
  • Enabling two-factor authentication (2FA), single sign-on (SS0), self-service for users for password resets, and for creating accounts without needing a custom verification code.
  • Managing all your users from one API

Curity Version 5.4.0 Community Edition Overview

The new Community Edition of Curity Identity Server has unique features. These include:

  • Free
  • Unlimited Users
  • Username/password + social identity providers
  • Complete OAuth Identity Server

Accessibility

Curity has builds available for a wide array of popular development environments. Curity can be implemented using:

  • Docker
  • Helm
  • Azure
  • AWS
  • Google Cloud

Usability

Curity Identity Server is a daemon service like other web servers such as Apache, Tomcat, NGINX, etc. Starting it is thus done with similar tools like the command-line control app.

You can interact with the server using various client applications. Many are provided in various languages. One example is JavaScript. A client can be installed using NPM by doing this:

npm install @curity/oauth-assistant
cd node_modules/@curity/oauth-assistant/
npm install

After running this command, wait for the libraries to finish installing. Once they’ve finished, navigate to example/index.js. Open that file with a text editor (I recommend Notebook++). First, find client_id and change the value to www, the name of the authorizer you set up in the Basic Setup Wizard. Then find issuer and change that value to "https://localhost:8443/oauth/v2/oauth-anonymous".

Then run the program by typing:

npm start

This should open an instance of Curity OAuth Assistant in your browser so you can demo Curity for yourself. If you run into any problems or need further clarification, instructions are also detailed at this tutorial.

You’ll need to be at least slightly comfortable with some command-line tools or programming languages to leverage Curity Identity Server fully. The odds are good that if you’re seeking a way to conveniently integrate apps or websites with OAuth or OpenID, you’re probably not afraid of bashing a few commands. Considering that Curity has dedicated builds for nearly any development environment you can think of, it’s fair to say that Curity is suitable for Beginner to Intermediate users.

Usefulness

Curity Identity Server is both the Rosetta Stone and swiss army knife of identity management. Once you get under the hood and become accustomed to how it works, you can use it for many of your security needs. Curity supports every kind of identity authenticator you can think of, from social media authorization to username and passwords.

Curity also offers a truly impressive array of resources and tutorials to help you navigate nearly any situation likely to arise. Curity’s GitHub repository features example code for almost any kind of implementation you can think of, from Python to Apigee Edge.

APIs and Microservices

Of course, many of you will be especially interested in how Curity interacts with, consumes, and produces APIs. That’s one of its main selling points, actually, especially for avid API users. Curity can be entirely run with APIs, with each one of its sections featuring a pulldown menu where you can customize its APIs.

Curity also offers the ability to create custom endpoints, which is another major selling point for the API connoisseur. It truly allows a flexible experience while keeping the underlying security system intact.

Curity Identity Management Community Edition: Final Thoughts

Curity Identity Server manages all of your identity needs from one convenient, easy-to-use location, making your application development both more secure and more convenient at the same time.

Curity has truly given the development world something to treasure with the Community Edition. It’s almost unbelievable that such a powerful resource is available for free. Considering that so much of our identities reside online, cybersecurity is paramount. Free tools like OAuth.tools and Curity Community Edition can thus help all developer teams elevate their security posture, no matter what size.

The Community Edition of the Curity Identity Server is relatively intuitive to use, but it does take a little getting used to. You’ll need to be at least slightly conversant with at least one programming language to use, so keep that in mind. Out-of-the-box, plug-and-play software this is not. What it is is a powerful security solution that can do virtually anything, and with minimal effort, once you learn how to use it.