Skip to main content

Experience App – Unified End‑User Portal

The Experience app is the unified, PDP‑aware end‑user portal for the Identity Fabric. It dynamically enables modules (IdP, PDP, Automation/CRUD, Workflows) at runtime and strictly communicates via ARIA Shield.

What’s innovative (and why it matters):

  • PDP‑aware UI: every route, widget, and action is governed by OpenID AuthZEN decisions through ARIA Shield. Value: provable least‑privilege UX, audit‑ready.
  • Runtime module activation: an ARIA Shield‑served config (/api/configs/ui + SSE stream) enables/disables app modules on the fly. Value: single portal for any subset of services; no rebuilds for tenants.
  • Unified API and SSE layer: one client (@api) namespaces to /idp, /pdp, /crud, /workflow behind ARIA Shield; SSE for live task counters and workflow status. Value: fast, consistent UX.
  • Plugin model (CSP‑safe): plugins are discovered via manifests and loaded as ESM bundles through ARIA Shield; no CSP relaxations or cross‑origin scripts. Value: extensibility without security debt.
  • Zero‑token SPA: session in httpOnly cookies; no access tokens in browser; all traffic same‑origin to ARIA Shield. Value: eliminates token exfiltration class.
  • Design‑system consistency: Neon Flux tokens/components ensure a premium, coherent UI. Value: faster delivery, brand quality.

Architecture (at‑a‑glance):

Competitive position:

  • Versus generic portals (Okta/ForgeRock app launchers): ours is PDP‑aware at widget/action level and supports workflow/task execution—not just SSO tiles.
  • Versus ITSM frontends: we provide policy‑guarded automation and inventory with full CAEP/observability, not ticket proxies.
  • Versus bespoke UIs: Experience is modular, runtime‑configurable, and plugin‑extensible without copying secrets into the browser.

Proof points (source): see experience/docs/empowernow_react_app.md and experience/docs/experience_plugins.md.

Canonical plugin reference for architecture and operations: ../../services/experience/experience_plugins

Deeper technical docs

  • Experience architecture and plugins: /docs/services/experience/experience_plugins
  • Plugins configuration reference: /docs/services/experience/reference/plugins-config
  • ARIA Shield routes/settings: /docs/services/bff/reference/routes-reference, /docs/services/bff/reference/settings-reference
  • PDP flags: /docs/services/pdp/reference/settings-flags