🔐
Authentication
Authentication
Products use OIDC authorization code flow with hardware-bound Device Bound Session Credentials (DBSC).
Flow
•
Redirect unauthenticated users to /auth on your product domain
•
Platform completes WebAuthn + DBSC binding
•
Callback to /auth/callback exchanges code for session
Redirect URIs
Register each product callback in platform config under idp.clients — e.g. https://yourproduct.com/auth/callback