Get started in 3 steps
Create an app
Register an OAuth client in the developer console. Get your client_id and client_secret instantly.
Install the SDK
npm install @uniauth/js or @uniauth/react. Also available via CDN at uniauth.id/sdk/. TypeScript types included.
Add a login button
Call login() and UniAuth handles the OIDC flow, PKCE, token refresh, and logout. You get a user object.
Simple integration
Three SDKs, one OAuth flow. Each demo below is live — click the button to try the popup auth flow.
Live demo — simulated OAuth flow
The widget renders a branded button and handles the full PKCE flow.
<script src="https://uniauth.id/brand/oauth/uniauth-widget.js"></script>
<div id="signin"></div>
<script>
UniAuth.renderButton('#signin', {
clientId: 'YOUR_CLIENT_ID',
redirectUri: window.location.origin + '/callback',
mode: 'popup', // or 'redirect', or omit for auto
theme: 'dark',
onSuccess: function(result) {
console.log('Token:', result.accessToken);
},
onError: function(err) {
console.error(err);
}
});
</script>Full API coverage
OIDC Discovery
Auto-configurable via .well-known/openid-configuration. All endpoints, scopes, and claims advertised.
Token Endpoint
Authorization code, refresh, client credentials, device, and token exchange grants. DPoP supported.
UserInfo
GET + POST per OIDC Core. Scoped claims: profile, email, phone, address, groups.
JWKS
RS256 public keys for ID token verification. Key rotation with overlap period.
Dynamic Registration
RFC 7591 client registration. Rate-limited, scope-whitelisted, with registration_access_token.
Webhooks
Real-time HMAC-signed events: user.created, login, logout, password_changed, consent_granted.
Device Flow
RFC 8628 for CLI tools, smart TVs, IoT. Human-readable XXXX-XXXX codes.
SCIM 2.0
Users + Groups CRUD, Bulk operations, filter queries. Org-scoped provisioning.
Admin API
Full user/session/client/group/policy management. GraphQL and REST.