🔐
Authentication
Authentication
Products use OIDC authorization code flow with hardware-bound Device Bound Session Credentials (DBSC).
Flow
•Redirect unauthenticated users to /auth on your product domain
•Platform completes WebAuthn + DBSC binding
•Callback to /auth/callback exchanges code for session
Redirect URIs
Register each product callback in platform config under idp.clients — e.g. https://yourproduct.com/auth/callback