Add server-side web application
Add a server-side web application as an OAuth client to securely handle authentication and access tasks on the server rather than in the user's browser.
These applications use the Authorization Code Flow to authenticate users and manage tokens, keeping sensitive credentials safe from client-side risks. This guide shows you how to configure and add a server-side web application for secure user authentication and API access.
- In your workspace, select Applications > Clients > Create client.
- Provide a name for your application, select Server-side Web, and click Create.
- For your application, configure the Redirect URI.
The redirect URI defines where to send users after they complete authentication and consent.
To learn more, see OAuth Redirect URI.
- Copy or download the client application configuration (client ID and secret) and add it to your application code.
You can use any OAuth library for your application.
Try it out:
Node.js with Next.js
```typescript
// Try the demo at https://github.com/nextauthjs/next-auth-example
// Go to the file pages/api/auth/[...nextauth].ts and modify the providers array as shown below
import NextAuth, { NextAuthOptions } from "next-auth"

// For more information on each option (and a full list of options) go to
// https://next-auth.js.org/configuration/options
export const authOptions: NextAuthOptions = {
  // Demo value. Outside a demo, use a long random secret supplied through NEXTAUTH_SECRET.
  secret: "some-secret-secret",
  // https://next-auth.js.org/configuration/providers/oauth
  providers: [
    {
      id: "cloudentity",
      name: "SecureAuth",
      type: "oauth",
      version: "2.0",
      wellKnown: "https://postmance.eu.connect.secureauth.com/postmance/docs/.well-known/openid-configuration",
      // Values from the client configuration you copied. Keep the secret on the
      // server only and out of source control (for example, in an environment variable).
      clientId: "4f91bea492b74b819a5d9961977beef6",
      clientSecret: "PH-668ZM_6IGHE7Feji7UQZ5MOzZlBbKJ_9ctKmtIjg",
      // OAuth expects a single space-delimited "scope" parameter
      authorization: { params: { scope: "openid profile email" } },
      // Map the claims returned by the provider to the NextAuth user object
      profile(profile) {
        return {
          id: profile.sub,
          name: profile.name,
          email: profile.email
        }
      }
    }
  ],
  callbacks: {
    async jwt({ token }) {
      // Demo only: this marks every signed-in user as "admin".
      // Derive the role from verified claims before relying on it.
      token.userRole = "admin"
      return token
    },
  },
}

export default NextAuth(authOptions)
```
Node.js with Passport and OIDC
```javascript
// Try the demo at https://github.com/passport/todos-express-openidconnect
// Go to the file routes/auth.js and modify the OpenIDConnectStrategy to use your cloudentity server configuration
// ...
passport.use(new OpenIDConnectStrategy({
  issuer: 'https://postmance.eu.connect.secureauth.com/postmance/docs',
  authorizationURL: 'https://postmance.eu.connect.secureauth.com/postmance/docs/oauth2/authorize',
  tokenURL: 'https://postmance.eu.connect.secureauth.com/postmance/docs/oauth2/token',
  userInfoURL: 'https://postmance.eu.connect.secureauth.com/postmance/docs/userinfo',
  // Values from the client configuration you copied. Keep the secret on the
  // server only and out of source control (for example, in an environment variable).
  clientID: "95768bc9b1b94a35bd17b5d9fe5a66d0",
  clientSecret: "ojHkryV4hQS781l8nTtk-VmJFR4shjjpd96YQncCWd4",
  // Must match the Redirect URI configured for the client
  callbackURL: '/api/auth/callback/cloudentity',
  scope: [ 'profile' ]
}, function verify(issuer, profile, cb) {
  // Called after the token exchange succeeds; pass the profile on as the user
  return cb(null, profile);
}));
// ...
// Handles the redirect back from the authorization server
router.get('/api/auth/callback/cloudentity', passport.authenticate('openidconnect', {
  successReturnToOrRedirect: '/',
  failureRedirect: '/login'
}));
```
- Go to your application and try to log in.
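The Authorization Code Flow that both libraries above run for you, written out by hand as an added example (not SecureAuth's or either library's code), to show why the redirect URI and the client secret are handled on the server. The endpoint URLs are the ones shown on this page; the client ID, the secret, the redirect URI host, the `session` object and the use of HTTP Basic client authentication are assumptions.

```javascript
// Added example. Endpoints are the ones shown on this page; clientId,
// clientSecret and the redirectUri host are placeholders (assumptions).
const crypto = require("node:crypto");
const cfg = {
  authorizationURL: "https://postmance.eu.connect.secureauth.com/postmance/docs/oauth2/authorize",
  tokenURL: "https://postmance.eu.connect.secureauth.com/postmance/docs/oauth2/token",
  clientId: "YOUR_CLIENT_ID",
  clientSecret: "YOUR_CLIENT_SECRET", // load from a secret store, never ship to the browser
  redirectUri: "https://app.example.com/api/auth/callback/cloudentity",
};

// Step 1: send the browser to the authorization endpoint. The random state is
// kept in the server-side session and must come back unchanged.
function buildAuthorizationUrl(session) {
  session.oauthState = crypto.randomBytes(32).toString("base64url");
  const url = new URL(cfg.authorizationURL);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    scope: "openid profile email",
    state: session.oauthState,
  }).toString();
  return url.toString();
}

// Step 2: on the redirect URI, accept the code only if state matches the session.
function readCallback(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  const expected = Buffer.from(session.oauthState || "");
  const got = Buffer.from(params.get("state") || "");
  delete session.oauthState; // state is single use, so a replayed callback fails
  if (expected.length === 0 || got.length !== expected.length || !crypto.timingSafeEqual(got, expected))
    throw new Error("state mismatch");
  if (params.has("error")) throw new Error("authorization failed: " + params.get("error"));
  if (!params.get("code")) throw new Error("missing code");
  return params.get("code");
}

// Step 3: server-to-server token request; the secret never reaches the browser.
function buildTokenRequest(code) {
  const basic = Buffer.from(`${cfg.clientId}:${cfg.clientSecret}`).toString("base64");
  return {
    url: cfg.tokenURL,
    method: "POST",
    headers: { Authorization: `Basic ${basic}`, "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ grant_type: "authorization_code", code, redirect_uri: cfg.redirectUri }).toString(),
  };
}
```

The object returned by `buildTokenRequest` can be passed to any HTTP client; the `redirect_uri` it sends must be identical to the one used in the authorization request and registered for the client.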