Developer Documentation
Integrate AuthLayer into your application using standard OAuth2 and OpenID Connect flows.
Quick start
- Create an organisation and sign in.
- Go to OAuth Applications and register your app.
- Note your
client_id and client_secret.
- Implement the Authorization Code flow as described below.
Endpoints
| Endpoint | Method | Description |
/oauth/authorize | GET | Authorization endpoint — redirect users here |
/oauth/token | POST | Token endpoint — exchange code for tokens |
/oauth/userinfo | GET | UserInfo endpoint — get user claims |
/.well-known/openid-configuration | GET | OIDC Discovery document |
/.well-known/jwks.json | GET | JSON Web Key Set |
Authorization Code Flow
Step 1: Redirect to authorize
GET /oauth/authorize?
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://yourapp.com/callback&
scope=openid profile email&
state=RANDOM_STATE&
code_challenge=CHALLENGE&
code_challenge_method=S256
Step 2: Exchange code for tokens
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
code=AUTH_CODE&
redirect_uri=https://yourapp.com/callback&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET&
code_verifier=VERIFIER
Step 3: Get user info
GET /oauth/userinfo
Authorization: Bearer ACCESS_TOKEN
Scopes
| Scope | Claims |
openid | sub |
profile | name, given_name, family_name |
email | email, email_verified |