NamoID Docs

Other OIDC clients

NamoID exposes a standard OpenID Connect discovery document, so any conformant client library integrates the same way: give it the issuer URL and let it discover the rest. No NamoID-specific SDK is required on the server.

The universal recipe:

  1. Configure the library with issuer = https://<slug>.id.namoid.in.
  2. Set client_id / client_secret from your OAuth client.
  3. Register your redirect_uri on the client in the dashboard.
  4. Request scopes openid profile email (add offline_access for a refresh token).
  5. Let the library run authorization-code + PKCE and validate the ID token against the discovered JWKS.

Node.js / Express (openid-client)

Use openid-client v6 with server-side sessions. Discover the issuer, run the code flow with PKCE, and keep tokens server-side only.

NAMOID_ISSUER=https://<slug>.id.namoid.in
NAMOID_CLIENT_ID=idpc_test_…
NAMOID_CLIENT_SECRET=idps_test_…
NAMOID_REDIRECT_URI=http://localhost:3001/auth/callback
SESSION_SECRET=

Flow:

  • GET /signin — generate state, nonce, and a PKCE code_verifier; store them in the session; redirect to the authorization endpoint.
  • GET /auth/callback — validate state, exchange the code for tokens, validate the ID token, store claims in the session.
  • POST /logout — destroy the session.

Use httpOnly, sameSite: "lax" cookies, and secure: true in production.

Spring Security (Java)

Spring Security's OAuth2 client supports issuer discovery via issuer-uri:

spring:
  security:
    oauth2:
      client:
        registration:
          namoid:
            provider: namoid
            client-id: ${NAMOID_CLIENT_ID}
            client-secret: ${NAMOID_CLIENT_SECRET}
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/login/oauth2/code/{registrationId}"
            scope: [openid, email, profile]
        provider:
          namoid:
            issuer-uri: ${NAMOID_ISSUER}

Register the redirect URI http://localhost:8080/login/oauth2/code/namoid on your OAuth client. PKCE is enabled automatically for OIDC registrations.

Anything else

The same applies to Python (authlib), Go (coreos/go-oidc), Ruby (omniauth_openid_connect), and mobile SDKs (AppAuth). Point them at the issuer URL, request the scopes you need, and validate the ID token against the JWKS endpoint listed in discovery.

See the OIDC endpoints reference for the exact discovery document fields and supported parameters.