OAuth Admin Panel - Innocom Login

Client Name	Client ID	Type	Status	Users	Created	Actions
Loading...

Employee Code	Name	Email	Title	Role	Department	Ranking	Status	Actions
Loading...

Create OAuth Client

Client Name *

Redirect URIs * (one per line)

Homepage URL

Logo URL

Allowed Scopes

openid profile email offline_access

Require user consent

Client Credentials

Important: Save these credentials now! The secret will not be shown again.

Client ID

Client Secret

Client Details

Client ID

Type

Status

Created

Redirect URIs

Allowed Scopes

Settings

Access Token Lifetime

Refresh Token Lifetime

OAuth Integration Guide

Client Information

Client Name:

Client ID:

Redirect URIs:

OAuth 2.0 Authorization Code Flow

1

Redirect user to authorization URL

Your app redirects user to OAuth server with client_id, redirect_uri, and PKCE parameters

2

User authenticates and grants permission

User logs in and approves access to their data

3

Receive authorization code

OAuth server redirects back to your redirect_uri with an authorization code

4

Exchange code for access token

Your backend exchanges authorization code for access_token and refresh_token

5

Access protected resources

Use access_token to call API endpoints and get user information

Security Best Practices

Always use PKCE (Proof Key for Code Exchange) for public clients
Store client_secret securely on backend (never expose to frontend)
Validate redirect_uri to prevent open redirect attacks
Use HTTPS for all OAuth endpoints
Implement proper token storage (httpOnly cookies or secure storage)

Frontend Implementation (JavaScript)

1. Generate PKCE Challenge

// Generate random code verifier
function generateCodeVerifier() {
    const array = new Uint8Array(32);
    crypto.getRandomValues(array);
    return base64URLEncode(array);
}

// Generate code challenge from verifier
async function generateCodeChallenge(verifier) {
    const encoder = new TextEncoder();
    const data = encoder.encode(verifier);
    const hash = await crypto.subtle.digest('SHA-256', data);
    return base64URLEncode(new Uint8Array(hash));
}

function base64URLEncode(array) {
    return btoa(String.fromCharCode(...array))
        .replace(/\+/g, '-')
        .replace(/\//g, '_')
        .replace(/=/g, '');
}

2. Initiate OAuth Login

3. Handle OAuth Callback

// On your callback page
async function handleOAuthCallback() {
    const params = new URLSearchParams(window.location.search);
    const code = params.get('code');
    const state = params.get('state');

    // Verify state matches
    const savedState = sessionStorage.getItem('oauth_state');
    if (state !== savedState) {
        throw new Error('Invalid state parameter');
    }

    // Get code verifier
    const codeVerifier = sessionStorage.getItem('code_verifier');

    // Send code and verifier to your backend
    const response = await fetch('/api/auth/callback', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ code, codeVerifier })
    });

    const data = await response.json();

    // Store tokens securely (backend should use httpOnly cookies)
    console.log('Login successful!');
    window.location.href = '/dashboard';
}

Backend Implementation

Exchange Authorization Code for Tokens

API Endpoints

GET

Initiate OAuth authorization flow

Query Parameters:

client_id - Your client ID
redirect_uri - One of your registered redirect URIs
response_type - Must be "code"
scope - Space-separated scopes (e.g., "openid profile email")
state - Random string to prevent CSRF
code_challenge - PKCE code challenge
code_challenge_method - Must be "S256"

POST

Exchange authorization code for access token

Request Body (application/json):

{
  "grant_type": "authorization_code",
  "code": "authorization_code_here",
  "redirect_uri": "your_redirect_uri",
  "client_id": "your_client_id",
  "client_secret": "your_client_secret",
  "code_verifier": "pkce_code_verifier"
}

GET

Get authenticated user information

Headers:

Authorization: Bearer {access_token}

Create User

Email *

Password * (min 8 characters)

Full Name

Phone Number

Employee Code

Telegram Username

Title / Position

Role

Department

Ranking

Promotion Line

Gender

Date of Birth

Start Date

Admin privileges Email verified

Admin Panel

OAuth Clients

User Management

Redirect user to authorization URL

User authenticates and grants permission

Receive authorization code

Exchange code for access token

Access protected resources

1. Generate PKCE Challenge

2. Initiate OAuth Login

3. Handle OAuth Callback

Exchange Authorization Code for Tokens

Exchange Authorization Code for Tokens

Exchange Authorization Code for Tokens

Admin Panel

OAuth Clients

User Management

Create OAuth Client

Client Credentials

Client Details

OAuth Integration Guide

Client Information

OAuth 2.0 Authorization Code Flow

Redirect user to authorization URL

User authenticates and grants permission

Receive authorization code

Exchange code for access token

Access protected resources

Security Best Practices

Frontend Implementation (JavaScript)

1. Generate PKCE Challenge

2. Initiate OAuth Login

3. Handle OAuth Callback

Backend Implementation

Exchange Authorization Code for Tokens

Exchange Authorization Code for Tokens

Exchange Authorization Code for Tokens

API Endpoints

Create User

User Actions: