Haspass Documentation

Comprehensive guides for integrating with Haspass OAuth 2.0 and OpenID Connect

OAuth 2.0 Implementation

Authorization Code Flow

The most secure OAuth 2.0 flow for web applications.

Step 1: Redirect to Authorization Endpoint

GET /oauth/authorize?
  response_type=code
  &client_id=YOUR_CLIENT_ID
  &redirect_uri=YOUR_REDIRECT_URI
  &scope=openid%20profile%20email
  &state=RANDOM_STRING

Step 2: Exchange Code for Token

POST /oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=AUTHORIZATION_CODE
&redirect_uri=YOUR_REDIRECT_URI
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
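
Added example (not Haspass code): a client-side sketch of Steps 1 and 2 showing how the state value is generated, bound to the user's session, checked once on the callback, and only then followed by the token request fields. The host haspass.example.com, the callback URL, the session dict and the function names begin_login and handle_callback are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlparse

# Assumed values: the page gives only placeholders, so these are constructed.
AUTHORIZE_URL = "https://haspass.example.com/oauth/authorize"
CLIENT_ID = "YOUR_CLIENT_ID"
CLIENT_SECRET = "YOUR_CLIENT_SECRET"
REDIRECT_URI = "https://app.example.com/callback"


def begin_login(session):
    """Step 1: create a fresh state, bind it to the session, return the URL."""
    state = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params, quote_via=quote)


def handle_callback(session, callback_url):
    """Check state on the redirect, then return the Step 2 form fields."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    received = query.get("state", [""])[0]
    # Compare as bytes in constant time; a missing stored state always fails.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: discard this callback")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    if len(query.get("code", [])) != 1:
        raise ValueError("expected exactly one code parameter")
    return {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": REDIRECT_URI,  # same value that was sent in Step 1
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # server side only, never in a browser
    }
```

The returned dict is what gets form-encoded and POSTed to /oauth/token from the server.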

OpenID Connect

ID Token

Get user identity information in a cryptographically signed JWT.

Sample ID Token (decoded payload)

{
  "iss": "https://haspass.example.com",
  "sub": "1234567890",
  "aud": "YOUR_CLIENT_ID",
  "exp": 1311281970,
  "iat": 1311280970,
  "name": "John Doe",
  "email": "john@example.com"
}

UserInfo Endpoint

Access additional user claims with the access token.

GET /oauth/userinfo
Authorization: Bearer ACCESS_TOKEN