Integration flow overview

Welcome to the Oten IDP Developer Integration Guide! This page provides a comprehensive overview of the entire integration process, giving you a roadmap before diving into the detailed implementation steps.

🎯 What You'll Learn

This overview covers:

  • Complete integration workflow from setup to production

  • Step-by-step roadmap with clear milestones

  • JAR (JWT-Secured Authorization Request) requirements - CRITICAL for Oten IDP

  • Different client types and their specific implementation paths

  • Security considerations and best practices

  • Testing and deployment strategies

🚨 Before You Start - JAR Requirement

CRITICAL: Oten IDP requires JAR (JWT-Secured Authorization Request) for ALL authorization requests.

Key Points:

  • ❌ Traditional OAuth query parameters are REJECTED

  • ✅ All OAuth parameters must be in a signed JWT

  • Choose HS256 (client secret) or EdDSA (key pair)

For complete JAR details, see JAR Requirement

Integration Roadmap

Here's your complete journey from start to finish:

Simple Integration Workflow

Step-by-Step Guide Navigation

Step
Page
Description
Time Estimate

Setup

Prerequisites

Environment setup, Oten registration

30 minutes

JAR

JAR Requirement

CRITICAL: Understanding JAR requirements

15 minutes

Library

Choose OAuth Library

Select JAR-compatible library

20 minutes

Config

Configure Client

Set up OAuth client with JAR

30 minutes

Auth

Authorization Flow

Implement JAR authorization

45 minutes

Callback

Handle Callback

Process OAuth callback

30 minutes

Tokens

Token Management

Secure token storage & refresh

45 minutes

Total Estimated Time: 3-4 hours for basic implementation

What Type of App Are You Building?

Choose your path based on what you're building:

Web App with Backend Server

Examples: Traditional websites, admin panels, internal tools

What You Have
What You Need

Backend server (Node.js, Python, Go, etc.)

Easiest path

Database for user sessions

✅ Store secrets securely

Server-side rendering

✅ Full control over auth

Go to: Server-Side Integration Guide

Frontend-Only App (SPA)

Examples: React app, Vue app, Angular app (no backend)

What You Have
What You Need

Frontend framework only

More complex

No backend server

⚠️ Need backend service for JAR

Browser-based app

⚠️ Cannot store secrets safely

You Need: A small backend service to handle JAR creation Go to: SPA Integration Guide

Mobile App

Examples: iOS app, Android app, React Native

What You Have
What You Need

Mobile application

Most complex

App store distribution

⚠️ Need backend service for JAR

Native or hybrid app

⚠️ Deep link handling required

You Need: Backend service + deep link setup Go to: Mobile Integration Guide

How to Sign Your Requests (JAR)

Oten requires signed requests for security. Choose your signing method:

Method 1: Use Client Secret (Easier)

For beginners and development

Pros
Cons
Best For

✅ Simple setup

❌ Less secure

Development

✅ No key management

❌ Shared secret

Internal apps

✅ Quick to implement

Getting started

How it works: Use your client secret (password) to sign requests

Method 2: Use Key Pairs (More Secure)

For production and public apps

Pros
Cons
Best For

✅ Very secure

❌ More complex setup

Production

✅ No shared secrets

❌ Key management needed

Public apps

✅ Industry standard

High security

How it works: Generate a key pair, keep private key secret, register public key

🚀 Quick Recommendations

👨‍💻 For Beginners

Start with Go + Client Secret method

Why Go?
Why Client Secret?

✅ We provide ready-made library

✅ Simpler to implement

✅ Built-in JAR support

✅ No key management

✅ Complete examples

✅ Works for most cases

✅ 1-2 hours to implement

✅ Good for learning

🏭 For Production Apps

Use EdDSA for better security

Security Level
Method
Best For

🟡 Good

HS256

Internal tools, development

🟢 Better

EdDSA

Production, public apps

💡 Simple Decision Tree

Question 1: Is this for production?

  • No → Use Client Secret method

  • Yes → Continue to Question 2

Question 2: Do you have a backend server?

  • Yes → Use Key Pairs method

  • No → You need to build a small backend service first

🎯 What Happens When User Logs In?

Simple 5-step process:

Step
What Happens
Who Does It

1️⃣

User clicks "Login"

User

2️⃣

App creates signed request (JAR)

Your app

3️⃣

User enters password at Oten

User

4️⃣

Oten sends back a code

Oten

5️⃣

App exchanges code for tokens

Your app

Result: User is logged in and can use your app!

🛠️ What You Need to Build

For Client Secret Method (Easier)

  1. Sign requests with your client secret

  2. Handle the callback when user returns

  3. Store tokens safely

  4. Use tokens for API calls

For Key Pairs Method (More Secure)

  1. Generate key pair (one time setup)

  2. Register public key with Oten

  3. Sign requests with private key

  4. Handle the callback when user returns

  5. Store tokens safely

  6. Use tokens for API calls

Ready to Start?

Choose your path:

Recommended for Beginners

Go with Client Secret - Easiest path, 1-2 hours

For Other Languages

Choose Your Library - More setup needed, 2-4 hours

For Production Apps

Key Pairs Setup - Most secure, requires key management

Next: Step 1: Choose OAuth Library

PreviousDeveloper Integration guideNextPrerequisites

Last updated