Integration Guide
Connect your applications to OpenGate IAM using standard OAuth 2.1 / OIDC — compatible with any language or framework.
On this page
Integration Patterns
┌─────────────────────────────────────────────────────────────────────┐
│ Integration Patterns │
│ │
│ ┌──────────────────────────┐ ┌───────────────────────────────┐ │
│ │ Browser SPA / Mobile │ │ Backend / Microservice │ │
│ │ │ │ │ │
│ │ Auth Code + PKCE │ │ Client Credentials Grant │ │
│ │ → opengate-console │ │ → opengate-admin-api │ │
│ │ → Your React app │ │ → Your backend service │ │
│ │ → Your mobile app │ │ │ │
│ └──────────────────────────┘ └───────────────────────────────┘ │
│ │
│ ┌──────────────────────────┐ ┌───────────────────────────────┐ │
│ │ Spring Boot API │ │ Next.js (Full-stack) │ │
│ │ │ │ │ │
│ │ OAuth2 Resource Server │ │ next-auth / Auth.js │ │
│ │ JWT validation via JWKS │ │ Server-side session mgmt │ │
│ └──────────────────────────┘ └───────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────────┘
| Client Type | Flow | Guide |
|---|---|---|
| React / Next.js SPA | Authorization Code + PKCE | React / Next.js |
| Spring Boot API | OAuth2 Resource Server | Spring Boot |
| Backend service | Client Credentials | Spring Boot |
| CLI tool | Device Code | Coming soon |
Quick Integration Checklist
- Register your app as an OAuth2 client in the Admin Console
- Note your
client_id(andclient_secretfor confidential clients) - Fetch the OIDC discovery document:
GET /realms/{realm}/.well-known/openid-configuration - Implement Authorization Code + PKCE for browser apps
- Validate JWTs using the
jwks_urifrom the discovery document - Handle token refresh before expiry (access token: 5 min)
OIDC-compatible
OpenGate is fully OIDC-compliant. Any library or framework that supports OIDC discovery will work out of the box.