Integration
To integrate Goiabada with your app, you’ll need an OAuth2/OpenID Connect client library for your platform. Most platforms provide such libraries.
Configuration
When configuring your OAuth2/OpenID Connect client to work with Goiabada, you’ll typically need:
- Client ID and Client Secret (from Goiabada admin console)
- Issuer URL (normally the auth server base URL) - e.g., https://auth.example.com
- Authorization Endpoint - <auth-server-base-url>/auth/authorize
- Token Endpoint - <auth-server-base-url>/auth/token
- UserInfo Endpoint - <auth-server-base-url>/auth/userinfo
- JWKS URI - <auth-server-base-url>/.well-known/jwks.json
- End Session Endpoint - <auth-server-base-url>/auth/logout
Most libraries support automatic configuration via the OpenID Connect Discovery endpoint at <auth-server-base-url>/.well-known/openid-configuration.
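A client that relies on discovery can check the returned document against the issuer it was configured with before trusting any endpoint in it. The following is an added example, not code from Goiabada or its sample integrations: `checkDiscovery` is a hypothetical helper, the documents are constructed, and it assumes the issuer is the auth server base URL with the endpoint paths listed above.

```javascript
// Added example, not Goiabada code. Endpoint paths are the ones listed on this
// page; it assumes the issuer is the auth server base URL.
const EXPECTED_PATHS = {
  authorization_endpoint: "/auth/authorize",
  token_endpoint: "/auth/token",
  userinfo_endpoint: "/auth/userinfo",
  jwks_uri: "/.well-known/jwks.json",
  end_session_endpoint: "/auth/logout",
};

// Returns a list of problems; an empty list means the document matches the
// issuer the client was configured with.
function checkDiscovery(configuredIssuer, doc) {
  const problems = [];
  const issuer = new URL(configuredIssuer);
  const local = issuer.hostname === "localhost" || issuer.hostname === "127.0.0.1";
  if (issuer.protocol !== "https:" && !local) problems.push("issuer is not https");
  // OpenID Connect Discovery: the returned issuer must be identical to the configured one.
  if (doc.issuer !== configuredIssuer) problems.push(`issuer mismatch: ${doc.issuer}`);
  const base = configuredIssuer.replace(/\/+$/, "");
  for (const [field, path] of Object.entries(EXPECTED_PATHS)) {
    let url;
    try {
      url = new URL(doc[field]);
    } catch {
      problems.push(`${field}: missing or not a URL`);
      continue;
    }
    // Endpoints must stay on the issuer's origin (scheme, host and port).
    if (url.origin !== issuer.origin) problems.push(`${field}: foreign origin ${url.origin}`);
    else if (url.href !== base + path) problems.push(`${field}: unexpected path ${url.pathname}`);
  }
  return problems;
}

// Constructed sample documents (not captured from a real server).
const ISSUER = "https://auth.example.com";
const goodDoc = { issuer: ISSUER };
for (const [field, path] of Object.entries(EXPECTED_PATHS)) goodDoc[field] = ISSUER + path;
const tamperedDoc = { ...goodDoc, token_endpoint: "https://auth.example.net/auth/token" };
const wrongIssuerDoc = { ...goodDoc, issuer: ISSUER + "/" };

console.log(checkDiscovery(ISSUER, goodDoc));
console.log(checkDiscovery(ISSUER, tamperedDoc));
console.log(checkDiscovery(ISSUER, wrongIssuerDoc));
```

A non-empty result should stop client start-up rather than be logged and ignored, since every later redirect and token request uses these URLs.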
Sample integrations
The Goiabada GitHub repository includes sample integrations for various platforms:
JavaScript (browser-only)
A browser-based test client using oauth4webapi. Pure client-side app demonstrating the Authorization Code Flow with PKCE for public clients. Allows step-by-step flow execution, token inspection, and userinfo calls. See the README for setup details.
Go web application
A server-side Go application demonstrating Authorization Code Flow with PKCE for confidential clients. Features scope selection, ACR levels, max_age, response modes, token verification via JWKS, protected routes, and RP-initiated logout. See the README for setup details.
React SPA with Node.js backend
A React + Express application using the Backend-for-Frontend (BFF) pattern. Demonstrates protected routes, group-based access control, scope-based access control, token inspection, silent refresh, and ACR levels. See the README for setup details.