Guides
OAuth and OpenID Connect guides for developers
Learn OAuth 2.0, OIDC, PKCE, localhost callbacks with a mock IdP, CI login tests, and Playwright automation. Practical articles for integration work.
Understanding the OAuth 2.0 authorization code flow
How browsers, your app, and an authorization server cooperate to let a user sign in without handing your app their password.
8 min read
OpenID Connect: identity on top of OAuth
What OIDC adds to OAuth 2.0, how ID tokens differ from access tokens, and how discovery documents tie it together.
7 min read
PKCE, state, and redirect URIs for safer OAuth apps
Core defenses against authorization code interception, CSRF on the callback, and redirect manipulation.
7 min read
OAuth scopes and consent: what to request and why
Learn how OAuth scopes map to permissions and OpenID Connect claims, how consent screens work, and how to request the minimum access your app needs.
6 min read
Local OAuth development: localhost callbacks and mock issuers
Run your app on localhost while OAuth discovery, consent, and tokens come from a mock issuer. Loopback redirect URIs, stable env vars, and common pitfalls.
7 min read
Mock OAuth and OIDC for development and tests
Use a mock IdP for dev and CI: your app keeps localhost callbacks while discovery, consent, and tokens come from an issuer like dummyÔauth.
7 min read
OAuth testing in CI: reliable login without production IdPs
Run automated OAuth and OIDC login tests in CI with a mock IdP. Keep localhost callbacks on your runner while tokens come from a stable issuer URL.
9 min read
Playwright OAuth testing: end-to-end login without flaking
Automate OAuth sign-in with Playwright using a mock IdP. Your app stays on localhost; consent runs on the issuer with stable selectors.
8 min read