# Integration flow overview Welcome to the Oten IDP Developer Integration Guide! This page provides a comprehensive overview of the entire integration process, giving you a roadmap before diving into the detailed implementation steps. ## 🎯 What You'll Learn This overview covers: * **Complete integration workflow** from setup to production * **Step-by-step roadmap** with clear milestones * **JAR (JWT-Secured Authorization Request) requirements** - CRITICAL for Oten IDP * **Different client types** and their specific implementation paths * **Security considerations** and best practices * **Testing and deployment** strategies ## 🚨 Before You Start - JAR Requirement **CRITICAL**: Oten IDP requires JAR (JWT-Secured Authorization Request) for ALL authorization requests. **Key Points:** * ❌ Traditional OAuth query parameters are **REJECTED** * ✅ All OAuth parameters must be in a **signed JWT** * Choose **HS256** (client secret) or **EdDSA** (key pair) **For complete JAR details, see** [**JAR Requirement**](broken://pages/o5zOSdwIY61fIuUxsDcR) ## Integration Roadmap Here's your complete journey from start to finish: ## Simple Integration Workflow ### Step-by-Step Guide Navigation | Step | Page | Description | Time Estimate | | ------------ | ----------------------------------------------------------- | -------------------------------------------- | ------------- | | **Setup** | [Prerequisites](broken://pages/qErS2kM8hpRocnYPaDQW) | Environment setup, Oten registration | 30 minutes | | **JAR** | [JAR Requirement](broken://pages/o5zOSdwIY61fIuUxsDcR) | **CRITICAL**: Understanding JAR requirements | 15 minutes | | **Library** | [Choose OAuth Library](broken://pages/CuJNdfiNnGHuqh7gDIK2) | Select JAR-compatible library | 20 minutes | | **Config** | [Configure Client](broken://pages/dEuJONk1kgkDKzShQ91z) | Set up OAuth client with JAR | 30 minutes | | **Auth** | [Authorization Flow](broken://pages/1zKgOda9hrWwNX8K6Zea) | Implement JAR authorization | 45 minutes | | **Callback** | [Handle Callback](broken://pages/ptByYQGxY6FoBjvmWxhC) | Process OAuth callback | 30 minutes | | **Tokens** | [Token Management](broken://pages/WngFFL6DWMZ9GvaRUH0c) | Secure token storage & refresh | 45 minutes | **Total Estimated Time**: 3-4 hours for basic implementation ## What Type of App Are You Building? Choose your path based on what you're building: ### Web App with Backend Server **Examples**: Traditional websites, admin panels, internal tools | What You Have | What You Need | | ------------------------------------------ | ------------------------ | | Backend server (Node.js, Python, Go, etc.) | ✅ **Easiest path** | | Database for user sessions | ✅ Store secrets securely | | Server-side rendering | ✅ Full control over auth | **Go to**: [Server-Side Integration Guide](broken://pages/CuJNdfiNnGHuqh7gDIK2) ### Frontend-Only App (SPA) **Examples**: React app, Vue app, Angular app (no backend) | What You Have | What You Need | | ----------------------- | ------------------------------- | | Frontend framework only | ❌ **More complex** | | No backend server | ⚠️ Need backend service for JAR | | Browser-based app | ⚠️ Cannot store secrets safely | **You Need**: A small backend service to handle JAR creation **Go to**: [SPA Integration Guide](broken://pages/CuJNdfiNnGHuqh7gDIK2) ### Mobile App **Examples**: iOS app, Android app, React Native | What You Have | What You Need | | ---------------------- | ------------------------------- | | Mobile application | ❌ **Most complex** | | App store distribution | ⚠️ Need backend service for JAR | | Native or hybrid app | ⚠️ Deep link handling required | **You Need**: Backend service + deep link setup **Go to**: [Mobile Integration Guide](broken://pages/CuJNdfiNnGHuqh7gDIK2) ## How to Sign Your Requests (JAR) Oten requires signed requests for security. Choose your signing method: ### Method 1: Use Client Secret (Easier) **For beginners and development** | Pros | Cons | Best For | | -------------------- | --------------- | --------------- | | ✅ Simple setup | ❌ Less secure | Development | | ✅ No key management | ❌ Shared secret | Internal apps | | ✅ Quick to implement | | Getting started | **How it works**: Use your client secret (password) to sign requests ### Method 2: Use Key Pairs (More Secure) **For production and public apps** | Pros | Cons | Best For | | ------------------- | ----------------------- | ------------- | | ✅ Very secure | ❌ More complex setup | Production | | ✅ No shared secrets | ❌ Key management needed | Public apps | | ✅ Industry standard | | High security | **How it works**: Generate a key pair, keep private key secret, register public key ## 🚀 Quick Recommendations ### 👨‍💻 For Beginners **Start with Go + Client Secret method** | Why Go? | Why Client Secret? | | ------------------------------- | ---------------------- | | ✅ We provide ready-made library | ✅ Simpler to implement | | ✅ Built-in JAR support | ✅ No key management | | ✅ Complete examples | ✅ Works for most cases | | ✅ 1-2 hours to implement | ✅ Good for learning | ### 🏭 For Production Apps **Use EdDSA for better security** | Security Level | Method | Best For | | -------------- | ------ | --------------------------- | | 🟡 **Good** | HS256 | Internal tools, development | | 🟢 **Better** | EdDSA | Production, public apps | ### 💡 Simple Decision Tree **Question 1**: Is this for production? * **No** → Use Client Secret method * **Yes** → Continue to Question 2 **Question 2**: Do you have a backend server? * **Yes** → Use Key Pairs method * **No** → You need to build a small backend service first ## 🎯 What Happens When User Logs In? **Simple 5-step process:** | Step | What Happens | Who Does It | | ---- | -------------------------------- | ----------- | | 1️⃣ | User clicks "Login" | User | | 2️⃣ | App creates signed request (JAR) | Your app | | 3️⃣ | User enters password at Oten | User | | 4️⃣ | Oten sends back a code | Oten | | 5️⃣ | App exchanges code for tokens | Your app | **Result**: User is logged in and can use your app! ## 🛠️ What You Need to Build ### For Client Secret Method (Easier) 1. **Sign requests** with your client secret 2. **Handle the callback** when user returns 3. **Store tokens** safely 4. **Use tokens** for API calls ### For Key Pairs Method (More Secure) 1. **Generate key pair** (one time setup) 2. **Register public key** with Oten 3. **Sign requests** with private key 4. **Handle the callback** when user returns 5. **Store tokens** safely 6. **Use tokens** for API calls *** ## Ready to Start? **Choose your path:** ### **Recommended for Beginners** [**Go with Client Secret**](broken://pages/CuJNdfiNnGHuqh7gDIK2) - Easiest path, 1-2 hours ### **For Other Languages** [**Choose Your Library**](broken://pages/CuJNdfiNnGHuqh7gDIK2) - More setup needed, 2-4 hours ### **For Production Apps** [**Key Pairs Setup**](broken://pages/Dh6xDgKUfcwFtlZAntPO) - Most secure, requires key management *** **Next**: [Step 1: Choose OAuth Library](broken://pages/CuJNdfiNnGHuqh7gDIK2) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://oten.gitbook.io/identity-support/integration/developer-integration-guide/integration-flow-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.