Developer Documentation

Integrate AuthLayer into your application using standard OAuth2 and OpenID Connect flows.

Quick start

  1. Create an organisation and sign in.
  2. Go to OAuth Applications and register your app.
  3. Note your client_id and client_secret.
  4. Implement the Authorization Code flow as described below.

Endpoints

EndpointMethodDescription
/oauth/authorizeGETAuthorization endpoint — redirect users here
/oauth/tokenPOSTToken endpoint — exchange code for tokens
/oauth/userinfoGETUserInfo endpoint — get user claims
/.well-known/openid-configurationGETOIDC Discovery document
/.well-known/jwks.jsonGETJSON Web Key Set

Authorization Code Flow

Step 1: Redirect to authorize

GET /oauth/authorize?
  response_type=code&
  client_id=YOUR_CLIENT_ID&
  redirect_uri=https://yourapp.com/callback&
  scope=openid profile email&
  state=RANDOM_STATE&
  code_challenge=CHALLENGE&
  code_challenge_method=S256

Step 2: Exchange code for tokens

POST /oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=AUTH_CODE&
redirect_uri=https://yourapp.com/callback&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET&
code_verifier=VERIFIER

Step 3: Get user info

GET /oauth/userinfo
Authorization: Bearer ACCESS_TOKEN

Scopes

ScopeClaims
openidsub
profilename, given_name, family_name
emailemail, email_verified