Connecting your app
There are three ways to wire your app to Huudis. They all end in the same place — a signed-in user and a set of OIDC tokens — so pick the one that fits how your app is built. You can mix them: hosted pages for sign-in, the API or an SDK for admin calls.
| On-ramp | What it is | Best when |
|---|---|---|
| Hosted auth pages | Redirect users to Huudis to sign in; they come back with a code. |
You want Huudis to own the login UI — the fastest path, and what every Forjio product uses. |
| REST API | Call the OIDC and admin endpoints directly over HTTPS. | You're in a language without an SDK, or you don't want to add a dependency. |
| SDK | Official libraries that wrap the API and the OIDC dance. | You're on Node.js, Python, or Go and want PKCE, token exchange, and verification handled for you. |
Hosted auth pages
The simplest integration: your app redirects the browser to Huudis, the user
signs in (password, social, magic link, MFA — whichever they have), and Huudis
redirects back to your registered callback with a one-time code. Your backend
exchanges that code for tokens.
You never render a login form — Huudis hosts it, and every authentication method is available without any extra work on your side. This is the Authorization Code flow with PKCE; see the OIDC overview for the full picture and Quickstart for an end-to-end walkthrough.
Register your callback URL and grant types first — see OIDC clients.
REST API
Everything the hosted flow does is a plain HTTPS call you can make yourself:
build the /oidc/authorize URL, exchange the code at /oidc/token, and read
the user at /oidc/userinfo. The same REST surface also covers admin
operations (users, clients, webhooks, IAM, and more).
Reach for this when you can't add a dependency or there's no SDK for your language. See the API reference for the full surface and API authentication for how bearer tokens work.
SDK
Official SDKs for Node.js (@forjio/huudis-node), Python (huudis),
and Go wrap the OIDC dance — buildAuthorizeUrl, exchangeCode,
refreshTokens — plus typed admin methods and token/webhook verification
helpers. They handle PKCE, state, and refresh-token single-flighting for you.
import { HuudisClient } from '@forjio/huudis-node';
const huudis = new HuudisClient({
clientId: process.env.HUUDIS_CLIENT_ID,
clientSecret: process.env.HUUDIS_CLIENT_SECRET,
redirectUri: 'https://myapp.com/callback',
});
const { url, codeVerifier, state } = huudis.oidc.buildAuthorizeUrl({
scope: 'openid profile email',
});
See the SDK overview for the Python and Go equivalents and the admin methods.
Per-client copy-paste snippets. Once you've registered an OIDC client, the OIDC clients page gives you the concrete client id, redirect URIs, and authorize URL to drop into any of these three on-ramps.
Next
- Quickstart — sign your first user in, end to end.
- OIDC clients — register the app you're connecting.
- OIDC overview — the protocol behind all three on-ramps.