Get started in 5 minutes

Quick Start Guide

This guide will walk you through setting up OAuth42 authentication in your application. You'll create an account, configure your first OAuth client, and implement authentication in minutes.

1

Create Your Account

First, create your OAuth42 account to access the dashboard where you'll manage your OAuth clients and users.

  1. Visit https://app.oauth42.com
  2. Click "Sign Up" and enter your email address
  3. Verify your email address via the confirmation link
  4. Complete your profile setup

2

Create Your First OAuth Client

An OAuth client represents your application in the OAuth42 system. You'll need its credentials to authenticate users.

In the Dashboard:

  1. Navigate to "OAuth Clients" in the sidebar
  2. Click "Create Client"
  3. Fill in the client details:
    • Name: Your application name (e.g., "My App")
    • Client Type: Select "Confidential" for web apps, "Public" for mobile/SPA
    • Redirect URIs: Add http://localhost:3000/callback for local development
  4. Click "Create" and save your Client ID and Client Secret (you won't see the secret again!)

Important Security Note

Store your Client Secret securely. Never commit it to version control or expose it in client-side code.

3

Configure Client Settings

Configure your OAuth client with the appropriate settings for your use case.

Grant Types

We recommend using Authorization Code with PKCE for the best security:

  • Authorization Code + PKCE: Most secure, works for web, mobile, and SPAs
  • Client Credentials: For machine-to-machine authentication only
  • Refresh Token: Enable to get long-lived access without re-authentication

Scopes

Configure which permissions your application will request:

  • openid: Required for OIDC authentication
  • profile: Access to user profile info
  • email: Access to user email address
  • offline_access: Enables refresh tokens

4

Implement Authentication

Now let's implement OAuth2 authentication in your application.

1. Install the SDK

npm install @oauth42/sdk
# or
yarn add @oauth42/sdk

2. Configure the OAuth Client

import { OAuth42Client } from '@oauth42/sdk';

const oauth42 = new OAuth42Client({
  clientId: 'your_client_id',
  clientSecret: 'your_client_secret', // Only for server-side
  redirectUri: 'http://localhost:3000/callback',
  issuer: 'https://auth.oauth42.com',
  scopes: ['openid', 'profile', 'email'],
});

3. Start the Authorization Flow

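// Node's built-in CSPRNG, used for the state value
import { randomBytes } from 'node:crypto';

// Generate PKCE challenge
const { codeVerifier, codeChallenge } = await oauth42.generatePKCE();

// Generate an unguessable state value for this request
const state = randomBytes(16).toString('hex');

// Store code verifier and state in session so the callback can check them
req.session.codeVerifier = codeVerifier;
req.session.state = state;

// Generate authorization URL
const authUrl = oauth42.getAuthorizationUrl({
  state,
  codeChallenge,
  codeChallengeMethod: 'S256',
});

// Redirect user to authorization URL
res.redirect(authUrl);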

4. Handle the Callback

// In your /callback route
const { code, state } = req.query;

// Verify state (important for security!)
// Reject a missing state too: undefined !== undefined would otherwise pass
if (!state || state !== req.session.state) {
  throw new Error('Invalid state parameter');
}

// Exchange authorization code for tokens
const tokens = await oauth42.exchangeCodeForTokens({
  code,
  codeVerifier: req.session.codeVerifier,
});

// tokens contains:
// - access_token: Use to access protected resources
// - id_token: Contains user identity information
// - refresh_token: Use to get new access tokens
// - expires_in: Token expiration time

// Get user info
const userInfo = await oauth42.getUserInfo(tokens.access_token);

console.log('User:', userInfo);
// { sub: 'user_id', email: 'user@example.com', name: 'John Doe', ... }
5

Test Your Integration

Now that you've implemented the authentication flow, let's test it:

  1. Start your application locally
  2. Navigate to your login route (e.g., /login)
  3. You should be redirected to the OAuth42 authorization page
  4. Sign in with your OAuth42 account
  5. Grant the requested permissions
  6. You'll be redirected back to your application with an authorization code
  7. Your application will exchange the code for access tokens
  8. You should now see the user information logged in your console

Success!

You've successfully integrated OAuth42 authentication! Your users can now securely sign in to your application.

Need Help?

If you're stuck or have questions, we're here to help!