Client Resource

In OAuth2 terms, a client is a front-end or back-end application that requests a login and token.

With Auth Code workflow, the user is forwarded to the login page and forwarded back to the callback url (redirect_uri) following a successful login.

SSOfy sends a request to the following endpoint when the login page is opened to verify the validity of the client id and obtain the client information from you API.

Consider the following specs in designing your client endpoint:

HeadersContent-Type, Signature
204Not Found
400Signature/Input validation Failed

The response should be a json object containing the client data with the following structure:

    "id": "lCCHzw5d3MtwABWcoW8rWmvW6ut0ZRiP",
    "name": "Sample Client",
    "secret": "CLIENT-SECRET-KEY",
    "redirect_uris": [
    "theme": "default",
    "tos": "https://...",
    "privacy_policy": "https://..."

💡️ Tip

For a deeper understanding of the structure and optional properties, refer to the schema.

Wildcard redirect uris are also supported by SSOfy. However, for security reasons, you should always consider specifying legitimate uris to avoid redirecting to an unknown source.

To enable wildcard, add * to the redirect uris array.

    "redirect_uris": [
ssofy Knowledge Base
At our core, we believe that staying up-to-date with the latest trends and advancements in Authentication and related areas is essential. That's why we take great pride in keeping you informed with the latest insights, updates, and news in this rapidly evolving landscape.

Do you need support?
SSOfy is by Cubelet Ltd.
Copyright © 2024 Cubelet Ltd. All rights reserved.