search

πŸ—ΊοΈIntegration flow overview

Welcome to the Oten IDP developer integration guide! This page provides a comprehensive overview of the entire integration process, giving you a roadmap before diving into the detailed implementation steps.

hashtag
🎯 What you'll learn

This overview covers:

  • Complete integration workflow from setup to production

  • Step-by-step roadmap with clear milestones

  • JAR (JWT-Secured Authorization Request) requirements - CRITICAL for Oten IDP

  • Different client types and their specific implementation paths

  • Security considerations and best practices

  • Testing and deployment strategies

hashtag
🚨 Before you start - JAR requirement

CRITICAL: Oten IDP requires JAR (JWT-secured authorization request) for ALL authorization requests.

Key Points:

  • ❌ Traditional OAuth query parameters are REJECTED

  • βœ… All OAuth parameters must be in a signed JWT

  • Choose HS256 (client secret) or EdDSA (key pair)

For complete JAR details, see JAR requirement

hashtag
Integration roadmap

Here's your complete journey from start to finish:

hashtag
Simple integration workflow

hashtag
Step-by-step guide navigation

Step
Page
Description
Time Estimate

Setup

Prerequisites

Environment setup, Oten registration

30 minutes

JAR

JAR requirement

CRITICAL: Understanding JAR requirements

15 minutes

Library

Choose OAuth library

Select JAR-compatible library

20 minutes

Config

Configure client

Set up OAuth client with JAR

30 minutes

Auth

Authorization flow

Implement JAR authorization

45 minutes

Callback

Handle callback

Process OAuth callback

30 minutes

Tokens

Token management

Secure token storage & refresh

45 minutes

Total estimated time: 3-4 hours for basic implementation

hashtag
What type of app are you building?

Choose your path based on what you're building:

hashtag
Web app with backend server

Examples: Traditional websites, admin panels, internal tools

What you have
What you need

Backend server (Node.js, Python, Go, etc.)

βœ… Easiest path

Database for user sessions

βœ… Store secrets securely

Server-side rendering

βœ… Full control over auth

Go to: Server-side integration guide

hashtag
Frontend-only app (SPA)

Examples: React app, Vue app, Angular app (no backend)

What you have
What you need

Frontend framework only

❌ More complex

No backend server

⚠️ Need backend service for JAR

Browser-based app

⚠️ Cannot store secrets safely

You Need: A small backend service to handle JAR creation Go to: SPA integration guide

hashtag
Mobile app

Examples: iOS app, Android app, React Native

What you have
What you need

Mobile application

❌ Most complex

App store distribution

⚠️ Need backend service for JAR

Native or hybrid app

⚠️ Deep link handling required

You Need: Backend service + deep link setup Go to: Mobile integration guide

hashtag
How to sign your requests (JAR)

Oten requires signed requests for security. Choose your signing method:

hashtag
Method 1: Use client secret (easier)

For beginners and development

Pros
Cons
Best For

βœ… Simple setup

❌ Less secure

Development

βœ… No key management

❌ Shared secret

Internal apps

βœ… Quick to implement

Getting started

How it works: Use your client secret (password) to sign requests

hashtag
Method 2: Use key pairs (more secure)

For production and public apps

Pros
Cons
Best For

βœ… Very secure

❌ More complex setup

Production

βœ… No shared secrets

❌ Key management needed

Public apps

βœ… Industry standard

High security

How it works: Generate a key pair, keep private key secret, register public key

hashtag
πŸš€ Quick recommendations

hashtag
πŸ‘¨β€πŸ’» For beginners

Start with Go + Client secret method

Why Go?
Why Client secret?

βœ… We provide ready-made library

βœ… Simpler to implement

βœ… Built-in JAR support

βœ… No key management

βœ… Complete examples

βœ… Works for most cases

βœ… 1-2 hours to implement

βœ… Good for learning

hashtag
🏭 For production apps

Use EdDSA for better security

Security level
Method
Best for

🟑 Good

HS256

Internal tools, development

🟒 Better

EdDSA

Production, public apps

hashtag
πŸ’‘ Simple decision tree

Question 1: Is this for production?

  • No β†’ Use Client Secret method

  • Yes β†’ Continue to Question 2

Question 2: Do you have a backend server?

  • Yes β†’ Use Key Pairs method

  • No β†’ You need to build a small backend service first

hashtag
🎯 What happens when user logs in?

Simple 5-step process:

Step
What happens
Who does it

1️⃣

User clicks "Login"

User

2️⃣

App creates signed request (JAR)

Your app

3️⃣

User enters password at Oten

User

4️⃣

Oten sends back a code

Oten

5️⃣

App exchanges code for tokens

Your app

Result: User is logged in and can use your app!

hashtag
πŸ› οΈ What you need to build

hashtag
For Client secret method (easier)

  1. Sign requests with your client secret

  2. Handle the callback when user returns

  3. Store tokens safely

  4. Use tokens for API calls

hashtag
For Key pairs method (more secure)

  1. Generate key pair (one time setup)

  2. Register public key with Oten

  3. Sign requests with private key

  4. Handle the callback when user returns

  5. Store tokens safely

  6. Use tokens for API calls

hashtag
Ready to start?

Choose your path:

hashtag
Recommended for beginners

Go with Client secret - Easiest path, 1-2 hours

hashtag
For Other languages

Choose your library - More setup needed, 2-4 hours

hashtag
For production apps

Key pairs setup - Most secure, requires key management

Next: Step 1: Choose OAuth library

PreviousFlow diagramNextPrerequisites

Last updated