Authentication Flows
Choose and implement an AuthOS OAuth, admin, device, or token lifecycle flow
AuthOS supports several authentication flows for browser applications, administration surfaces, input-constrained devices, and long-lived sessions. Start with the flow that matches your client, then use the troubleshooting guide for risk challenges and common failures.
Choose a flow
| Goal | Guide | Typical client |
|---|---|---|
| Sign end users in through an OAuth provider | OAuth web redirect | Browser or React application |
| Sign platform or organization administrators in | Admin login | Administration dashboard |
| Authenticate without an embedded browser or keyboard | Device authorization | CLI, mobile, IoT, or TV |
| Refresh, store, and revoke session tokens | Tokens and sessions | Any authenticated client |
| Respond to risk challenges and authentication errors | Troubleshooting | Any authentication flow |
Prerequisites
Before you begin:
- Install the SDK with
npm install @drmhse/sso-sdk. - Record your AuthOS instance URL.
- Configure an organization and service in the platform.
- For redirect flows, register every production and development callback URI.
End-User OAuth Login (Web Redirect Flow)
Use the OAuth web redirect guide to initialize the SDK, redirect to a provider, process the callback, verify the session, and integrate the flow into React.
Admin Login (Platform & Organization Admins)
Use the admin login guide for elevated platform and organization administration surfaces.
Device Flow (CLIs and Mobile Apps)
Use the device authorization guide for RFC 8628 polling and verification experiences on CLIs, mobile applications, and other input-constrained devices.
Token Refresh Workflow
Use the tokens and sessions guide for token refresh, automatic retry, React session state, secure storage, and logout.
Risk-Based Authentication
Use the troubleshooting guide to detect and complete MFA risk challenges, test risk policies, handle SDK errors, and verify redirect URI configuration.
Best Practices
Token storage and security guidance now lives with tokens and sessions. Error and challenge guidance lives in troubleshooting.
Next Steps
- Password Authentication Guide — Implement email and password login.
- MFA Management Guide — Enroll and manage multi-factor authentication.
- SDK Auth Reference — Look up authentication methods and types.
Pages
OAuth Web Redirect
Implement end-user OAuth redirects, callbacks, session verification, and a React login
Admin Login
Implement elevated OAuth login for platform and organization administration
Device Authorization
Implement RFC 8628 device authorization for CLIs, mobile apps, and input-constrained devices
Tokens and Sessions
Refresh, store, verify, and revoke AuthOS session tokens safely
Authentication Troubleshooting
Handle risk-based MFA challenges, SDK errors, and redirect configuration failures