CBC Dev
Standard Authentication

OpenID Connect (OIDC) Flow

Implement Single Sign-On (SSO) for your applications using our standardized OIDC provider.

1. Authorize

Redirect the user to the CBC login page to initiate the session. This is the first step, where the user grants permission to your app.

GET https://api.cbc.id/v1/auth/authorize
Payload
GET https://api.cbc.id/v1/auth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_CALLBACK_URL&
  response_type=code&
  state=RANDOM_STATE&
  scope=openid profile email

2. Receive Code

After successful login, CBC redirects back to your application with a temporary authorization code.

CALLBACK YOUR_REDIRECT_URI
Payload
YOUR_REDIRECT_URI?
  code=AUTH_CODE_HERE&
  state=RANDOM_STATE

3. Exchange Token

Your server-side application exchanges the temporary code for a long-lived JWT access token.

POST https://api.cbc.id/v1/auth/token
Payload
POST https://api.cbc.id/v1/auth/token
Content-Type: application/json

{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "code": "AUTH_CODE_HERE",
  "grant_type": "authorization_code"
}
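
The three steps above as server-side helpers, added here as an example and not CBC's own code: a per-session `state` is generated and URL-encoded into the authorize redirect, the callback is rejected unless its `state` matches that session exactly once, and the token request is built with the documented JSON body. The `session` dict and all function names are assumptions; sending the request is left to your HTTP client.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://api.cbc.id/v1/auth/authorize"
TOKEN_URL = "https://api.cbc.id/v1/auth/token"


def begin_login(session, client_id, redirect_uri):
    """Step 1: bind a fresh random state to this session, return the redirect URL."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    query = urlencode({  # urlencode escapes the spaces in scope and the redirect URI
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": session["oidc_state"],
        "scope": "openid profile email",
    })
    return f"{AUTHORIZE_URL}?{query}"


def _single(params, name):
    values = params.get(name, [])
    if len(values) != 1:  # missing or duplicated parameters are both rejected
        raise ValueError(f"callback must carry exactly one {name} parameter")
    return values[0]


def handle_callback(session, callback_url):
    """Step 2: return the authorization code only if state matches this session."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oidc_state", None)  # single use: a replayed callback fails
    received = _single(params, "state")
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    return _single(params, "code")


def build_token_request(client_id, client_secret, code):
    """Step 3: method, URL, headers and JSON body for the server-side exchange."""
    body = json.dumps({
        "client_id": client_id,
        "client_secret": client_secret,  # stays on the server, never in browser code
        "code": code,
        "grant_type": "authorization_code",
    })
    return "POST", TOKEN_URL, {"Content-Type": "application/json"}, body
```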

Common Flow Errors

INVALID_REQUEST

Missing client_id or redirect_uri.

AUTH_CODE_EXPIRED

Code used after 5-minute timeout.

AUTH_INVALID_GRANT

Code already used or invalid secret.

Use PKCE for Mobile & SPA

For client-side apps, always implement PKCE (Proof Key for Code Exchange) to prevent code interception attacks.