Add server-side web application

Add a server-side web application as an OAuth client to securely handle authentication and access tasks on the server rather than in the user’s browser.

These applications use the Authorization Code Flow to authenticate users and manage tokens, keeping sensitive credentials safe from client-side risks. This guide shows you how to configure and add a server-side web application for secure user authentication and API access.

In your workspace, select Applications > Clients > Create client.
Provide a name for your application, select Server-side Web, and click Create.
For your application, configure the Redirect URI.
The redirect URI defines where to send users after they complete authentication and consent.
To learn more, see Redirect URI.

Copy or download the client application configuration (client ID and secret) and add it to your application code.

You can use any OAuth library library for your application.

Try it out:

// try demo at https://github.com/nextauthjs/next-auth-example
   // go to file pages/api/auth/[...nextauth].ts and modify providers array as showcased below

   import NextAuth, { NextAuthOptions } from "next-auth"

   // For more information on each option (and a full list of options) go to
   // https://next-auth.js.org/configuration/options
   export const authOptions: NextAuthOptions = {
       secret: "some-secret-secret",
       // https://next-auth.js.org/configuration/providers/oauth
       providers: [
           {
               id: "cloudentity",
               name: "Cloudentity",
               type: "oauth",
               version: "2.0",
               wellKnown: "https://postmance.eu.authz.cloudentity.io/postmance/docs/.well-known/openid-configuration",
               clientId: "4f91bea492b74b819a5d9961977beef6",
               clientSecret: "PH-668ZM_6IGHE7Feji7UQZ5MOzZlBbKJ_9ctKmtIjg",
               authorization: {params: {scopes: ["openid", "profile", "email"]}},
               profile(profile) {
                   return {
                       id: profile.sub,
                       name: profile.name,
                       email: profile.email
                   }
               }
           }
       ],
       callbacks: {
           async jwt({ token }) {
               token.userRole = "admin"
               return token
           },
       },
   }

   export default NextAuth(authOptions)

// try demo at https://github.com/passport/todos-express-openidconnect
   // go to file routes/auth.js and modify the OpenIdConnectStrategy to use your cloudentity server configuration

   // ...

   passport.use(new OpenIDConnectStrategy({
       issuer: 'https://postmance.eu.authz.cloudentity.io/postmance/docs',
       authorizationURL: 'https://postmance.eu.authz.cloudentity.io/postmance/docs/oauth2/authorize>,
       tokenURL: 'https://postmance.eu.authz.cloudentity.io/postmance/docs/oauth2/token',
       userInfoURL: 'https://postmance.eu.authz.cloudentity.io/postmance/docs/userinfo',
       clientID: "95768bc9b1b94a35bd17b5d9fe5a66d0",
       clientSecret: "ojHkryV4hQS781l8nTtk-VmJFR4shjjpd96YQncCWd4",
       callbackURL: '/api/auth/callback/cloudentity',
       scope: [ 'profile' ]
   }, function verify(issuer, profile, cb) {
       return cb(null, profile);
   }));

   // ...

   router.get('/api/auth/callback/cloudentity', passport.authenticate('openidconnect', {
       successReturnToOrRedirect: '/',
       failureRedirect: '/login'
   }));

Go to your application and try to log in.

Next Steps

In this section:

Add server-side web application

Next Steps

Search results