Step 2: Configure OAuth Client

Now that you've chosen your OAuth library, it's time to configure your OAuth client with Oten IDP endpoints and credentials.

Need context? Check the Integration Flow Overview to see how this step fits into the complete process.

What You'll Learn

In this step, you will:

• Set up OAuth client configuration using Discovery (recommended)

• Configure Oten IDP endpoints automatically or manually

• Understand different client types and their configurations

• Set up environment variables securely

• Test your basic configuration

Configuration Methods

Method 1: Discovery Configuration (Recommended)

Use OpenID Connect Discovery to automatically fetch configuration:

📖 Detailed Guide: See Discovery Configuration for complete implementation examples.

// Automatic configuration using discovery
async function createOAuthConfig() {
  const discoveryUrl = 'https://account.oten.com/.well-known/openid-configuration';
  const response = await fetch(discoveryUrl);
  const discoveryConfig = await response.json();

  return {
    // Client credentials (from Oten registration)
    clientId: process.env.OTEN_CLIENT_ID,
    clientSecret: process.env.OTEN_CLIENT_SECRET,

    // Automatically discovered endpoints
    authorizationURL: discoveryConfig.authorization_endpoint,
    tokenURL: discoveryConfig.token_endpoint,
    userInfoURL: discoveryConfig.userinfo_endpoint,
    jwksURI: discoveryConfig.jwks_uri,
    issuer: discoveryConfig.issuer,

    // Application settings
    redirectURI: process.env.OTEN_REDIRECT_URI,
    scopes: ['openid', 'profile', 'email'],

    // OAuth flow settings
    responseType: 'code',
    grantType: 'authorization_code'
  };
}

// Usage
const config = await createOAuthConfig();

Method 2: Manual Configuration

If you prefer to configure endpoints manually:

Oten IDP Endpoints

Primary Endpoints

Discovery Endpoint Usage

Many libraries support automatic configuration via the discovery endpoint:

Environment Variables Setup

Create Environment File

Create a .env file (never commit to version control):

Load Environment Variables

Technology-Specific Configurations

Node.js with openid-client

Python with Authlib

Java Spring Boot

C# ASP.NET Core

🔒 Client Types and Security

Confidential Clients (Server-Side)

For applications that can securely store secrets:

Public Clients (Client-Side)

For SPAs, mobile apps, and other clients that cannot store secrets:

🎯 Scope Configuration

Standard Scopes

Dynamic Scope Selection

Advanced Configuration Options

Timeout Settings

Custom Headers

🧪 Testing Your Configuration

Configuration Validation

Test Authorization URL Generation

🔍 Configuration Troubleshooting

Common Issues

Invalid Client ID

Redirect URI Mismatch

Debug Configuration

Configuration Checklist

Before proceeding to the next step, ensure:

• Environment variables are set correctly

• Client ID and secret are valid

• Redirect URI matches registration

• Endpoints are accessible

• Scopes are appropriate for your use case

• Security settings are configured properly

• Configuration validation passes

Navigation

• ← Previous: Step 1: Choose OAuth Library - Select your library

• ↑ Overview: Integration Flow Overview - See the big picture

• → Next: Step 3: Implement Authorization Flow - Implement JAR authorization

Progress: Step 2 of 5 complete ✅