Public documentation
🔐

Authentication

Authentication

Products use OIDC authorization code flow with hardware-bound Device Bound Session Credentials (DBSC).

Flow

Redirect unauthenticated users to /auth on your product domain
Platform completes WebAuthn + DBSC binding
Callback to /auth/callback exchanges code for session

Redirect URIs

Register each product callback in platform config under idp.clients — e.g. https://yourproduct.com/auth/callback