Other OIDC clients
NamoID exposes a standard OpenID Connect discovery document, so any conformant client library integrates the same way: give it the issuer URL and let it discover the rest. No NamoID-specific SDK is required on the server.
The universal recipe:
- Configure the library with
issuer = https://<slug>.id.namoid.in. - Set
client_id/client_secretfrom your OAuth client. - Register your
redirect_urion the client in the dashboard. - Request scopes
openid profile email(addoffline_accessfor a refresh token). - Let the library run authorization-code + PKCE and validate the ID token against the discovered JWKS.
Node.js / Express (openid-client)
Use openid-client v6 with server-side sessions. Discover the issuer, run the
code flow with PKCE, and keep tokens server-side only.
NAMOID_ISSUER=https://<slug>.id.namoid.in
NAMOID_CLIENT_ID=idpc_test_…
NAMOID_CLIENT_SECRET=idps_test_…
NAMOID_REDIRECT_URI=http://localhost:3001/auth/callback
SESSION_SECRET=…
Flow:
GET /signin— generatestate,nonce, and a PKCEcode_verifier; store them in the session; redirect to the authorization endpoint.GET /auth/callback— validatestate, exchange the code for tokens, validate the ID token, store claims in the session.POST /logout— destroy the session.
Use httpOnly, sameSite: "lax" cookies, and secure: true in production.
Spring Security (Java)
Spring Security's OAuth2 client supports issuer discovery via issuer-uri:
spring:
security:
oauth2:
client:
registration:
namoid:
provider: namoid
client-id: ${NAMOID_CLIENT_ID}
client-secret: ${NAMOID_CLIENT_SECRET}
authorization-grant-type: authorization_code
redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
scope: [openid, email, profile]
provider:
namoid:
issuer-uri: ${NAMOID_ISSUER}
Register the redirect URI http://localhost:8080/login/oauth2/code/namoid on
your OAuth client. PKCE is enabled automatically for OIDC registrations.
Anything else
The same applies to Python (authlib), Go (coreos/go-oidc), Ruby
(omniauth_openid_connect), and mobile SDKs (AppAuth). Point them at the
issuer URL, request the scopes you need, and validate the ID token against the
JWKS endpoint listed in discovery.
See the OIDC endpoints reference for the exact discovery document fields and supported parameters.