CBC GROUP
Standard Authentication

OIDC Overview

OpenID Connect (OIDC) is the recommended authentication protocol for web and mobile applications. It provides a standard, secure way to verify user identity.

1. Authorize

Redirect users to our authorize endpoint.

GET /v1/auth/authorize
Payload
GET /v1/auth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_CALLBACK_URL&
  response_type=code&
  state=RANDOM_STATE&
  scope=openid profile email

2. Receive Code

We redirect back with an authorization code.

CALLBACK YOUR_REDIRECT_URI
Payload
YOUR_REDIRECT_URI?
  code=AUTH_CODE_HERE&
  state=RANDOM_STATE

3. Exchange Token

Exchange code for tokens on your backend.

POST /v1/auth/token
Payload
POST /v1/auth/token
Content-Type: application/json

{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "code": "AUTH_CODE_HERE",
  "grant_type": "authorization_code"
}
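
The three steps above as Node.js backend code, with the state value sent in step 1 checked in step 2 before the code is exchanged. This is an added example, not code from this documentation's provider; the ISSUER host, the REDIRECT_URI value and the `session` object (a server-side session tied to one browser) are assumptions.

```javascript
// Added example, not the provider's code. ISSUER, REDIRECT_URI and the
// `session` object (server-side session for one browser) are assumptions.
const crypto = require("node:crypto");

const ISSUER = "https://auth.example.com"; // placeholder host
const CLIENT_ID = "YOUR_CLIENT_ID";
const REDIRECT_URI = "https://app.example.com/callback"; // placeholder

// Step 1: build the authorize URL and bind a fresh state to this session.
function beginLogin(session) {
  session.oidcState = crypto.randomBytes(32).toString("base64url");
  const url = new URL("/v1/auth/authorize", ISSUER);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    response_type: "code",
    state: session.oidcState,
    scope: "openid profile email", // encoded as openid+profile+email
  }).toString();
  return url.toString();
}

// Step 2: return the code only if state matches the one issued to this
// session. The stored state is cleared first, so a callback cannot be replayed.
function readCallback(session, callbackUrl) {
  const expected = Buffer.from(session.oidcState || "");
  delete session.oidcState;
  const params = new URL(callbackUrl).searchParams;
  const received = Buffer.from(params.get("state") || "");
  if (expected.length === 0 || expected.length !== received.length ||
      !crypto.timingSafeEqual(expected, received)) {
    throw new Error("state mismatch: discard this callback");
  }
  const code = params.get("code");
  if (!code) throw new Error("callback carried no code");
  return code;
}

// Step 3: the token request, sent from the backend so client_secret stays there.
function buildTokenRequest(code, clientSecret) {
  return {
    method: "POST",
    url: new URL("/v1/auth/token", ISSUER).toString(),
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ client_id: CLIENT_ID, client_secret: clientSecret,
                           code, grant_type: "authorization_code" }),
  };
}
```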

Common Flow Errors

INVALID_REQUEST

Missing client_id or redirect_uri.

AUTH_CODE_EXPIRED

Code used after 5-minute timeout.

AUTH_INVALID_GRANT

Code already used or invalid secret.

Use PKCE for Mobile & SPA

For client-side apps, always implement PKCE (Proof Key for Code Exchange) to prevent code interception attacks.