> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/identity-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/identity-support/integration/developer-integration-guide/integration-flow-overview.md).

# Integration flow overview

Welcome to the Oten IDP Developer Integration Guide! This page provides a comprehensive overview of the entire integration process, giving you a roadmap before diving into the detailed implementation steps.

## 🎯 What You'll Learn

This overview covers:

* **Complete integration workflow** from setup to production
* **Step-by-step roadmap** with clear milestones
* **JAR (JWT-Secured Authorization Request) requirements** - CRITICAL for Oten IDP
* **Different client types** and their specific implementation paths
* **Security considerations** and best practices
* **Testing and deployment** strategies

## 🚨 Before You Start - JAR Requirement

**CRITICAL**: Oten IDP requires JAR (JWT-Secured Authorization Request) for ALL authorization requests.

**Key Points:**

* ❌ Traditional OAuth query parameters are **REJECTED**
* ✅ All OAuth parameters must be in a **signed JWT**
* Choose **HS256** (client secret) or **EdDSA** (key pair)

**For complete JAR details, see** [**JAR Requirement**](broken://pages/o5zOSdwIY61fIuUxsDcR)

## Integration Roadmap

Here's your complete journey from start to finish:

## Simple Integration Workflow

### Step-by-Step Guide Navigation

| Step         | Page                                                        | Description                                  | Time Estimate |
| ------------ | ----------------------------------------------------------- | -------------------------------------------- | ------------- |
| **Setup**    | [Prerequisites](broken://pages/qErS2kM8hpRocnYPaDQW)        | Environment setup, Oten registration         | 30 minutes    |
| **JAR**      | [JAR Requirement](broken://pages/o5zOSdwIY61fIuUxsDcR)      | **CRITICAL**: Understanding JAR requirements | 15 minutes    |
| **Library**  | [Choose OAuth Library](broken://pages/CuJNdfiNnGHuqh7gDIK2) | Select JAR-compatible library                | 20 minutes    |
| **Config**   | [Configure Client](broken://pages/dEuJONk1kgkDKzShQ91z)     | Set up OAuth client with JAR                 | 30 minutes    |
| **Auth**     | [Authorization Flow](broken://pages/1zKgOda9hrWwNX8K6Zea)   | Implement JAR authorization                  | 45 minutes    |
| **Callback** | [Handle Callback](broken://pages/ptByYQGxY6FoBjvmWxhC)      | Process OAuth callback                       | 30 minutes    |
| **Tokens**   | [Token Management](broken://pages/WngFFL6DWMZ9GvaRUH0c)     | Secure token storage & refresh               | 45 minutes    |

**Total Estimated Time**: 3-4 hours for basic implementation

## What Type of App Are You Building?

Choose your path based on what you're building:

### Web App with Backend Server

**Examples**: Traditional websites, admin panels, internal tools

| What You Have                              | What You Need            |
| ------------------------------------------ | ------------------------ |
| Backend server (Node.js, Python, Go, etc.) | ✅ **Easiest path**       |
| Database for user sessions                 | ✅ Store secrets securely |
| Server-side rendering                      | ✅ Full control over auth |

**Go to**: [Server-Side Integration Guide](broken://pages/CuJNdfiNnGHuqh7gDIK2)

### Frontend-Only App (SPA)

**Examples**: React app, Vue app, Angular app (no backend)

| What You Have           | What You Need                   |
| ----------------------- | ------------------------------- |
| Frontend framework only | ❌ **More complex**              |
| No backend server       | ⚠️ Need backend service for JAR |
| Browser-based app       | ⚠️ Cannot store secrets safely  |

**You Need**: A small backend service to handle JAR creation **Go to**: [SPA Integration Guide](broken://pages/CuJNdfiNnGHuqh7gDIK2)

### Mobile App

**Examples**: iOS app, Android app, React Native

| What You Have          | What You Need                   |
| ---------------------- | ------------------------------- |
| Mobile application     | ❌ **Most complex**              |
| App store distribution | ⚠️ Need backend service for JAR |
| Native or hybrid app   | ⚠️ Deep link handling required  |

**You Need**: Backend service + deep link setup **Go to**: [Mobile Integration Guide](broken://pages/CuJNdfiNnGHuqh7gDIK2)

## How to Sign Your Requests (JAR)

Oten requires signed requests for security. Choose your signing method:

### Method 1: Use Client Secret (Easier)

**For beginners and development**

| Pros                 | Cons            | Best For        |
| -------------------- | --------------- | --------------- |
| ✅ Simple setup       | ❌ Less secure   | Development     |
| ✅ No key management  | ❌ Shared secret | Internal apps   |
| ✅ Quick to implement |                 | Getting started |

**How it works**: Use your client secret (password) to sign requests

### Method 2: Use Key Pairs (More Secure)

**For production and public apps**

| Pros                | Cons                    | Best For      |
| ------------------- | ----------------------- | ------------- |
| ✅ Very secure       | ❌ More complex setup    | Production    |
| ✅ No shared secrets | ❌ Key management needed | Public apps   |
| ✅ Industry standard |                         | High security |

**How it works**: Generate a key pair, keep private key secret, register public key

## 🚀 Quick Recommendations

### 👨‍💻 For Beginners

**Start with Go + Client Secret method**

| Why Go?                         | Why Client Secret?     |
| ------------------------------- | ---------------------- |
| ✅ We provide ready-made library | ✅ Simpler to implement |
| ✅ Built-in JAR support          | ✅ No key management    |
| ✅ Complete examples             | ✅ Works for most cases |
| ✅ 1-2 hours to implement        | ✅ Good for learning    |

### 🏭 For Production Apps

**Use EdDSA for better security**

| Security Level | Method | Best For                    |
| -------------- | ------ | --------------------------- |
| 🟡 **Good**    | HS256  | Internal tools, development |
| 🟢 **Better**  | EdDSA  | Production, public apps     |

### 💡 Simple Decision Tree

**Question 1**: Is this for production?

* **No** → Use Client Secret method
* **Yes** → Continue to Question 2

**Question 2**: Do you have a backend server?

* **Yes** → Use Key Pairs method
* **No** → You need to build a small backend service first

## 🎯 What Happens When User Logs In?

**Simple 5-step process:**

| Step | What Happens                     | Who Does It |
| ---- | -------------------------------- | ----------- |
| 1️⃣  | User clicks "Login"              | User        |
| 2️⃣  | App creates signed request (JAR) | Your app    |
| 3️⃣  | User enters password at Oten     | User        |
| 4️⃣  | Oten sends back a code           | Oten        |
| 5️⃣  | App exchanges code for tokens    | Your app    |

**Result**: User is logged in and can use your app!

## 🛠️ What You Need to Build

### For Client Secret Method (Easier)

1. **Sign requests** with your client secret
2. **Handle the callback** when user returns
3. **Store tokens** safely
4. **Use tokens** for API calls

### For Key Pairs Method (More Secure)

1. **Generate key pair** (one time setup)
2. **Register public key** with Oten
3. **Sign requests** with private key
4. **Handle the callback** when user returns
5. **Store tokens** safely
6. **Use tokens** for API calls

***

## Ready to Start?

**Choose your path:**

### **Recommended for Beginners**

[**Go with Client Secret**](broken://pages/CuJNdfiNnGHuqh7gDIK2) - Easiest path, 1-2 hours

### **For Other Languages**

[**Choose Your Library**](broken://pages/CuJNdfiNnGHuqh7gDIK2) - More setup needed, 2-4 hours

### **For Production Apps**

[**Key Pairs Setup**](broken://pages/Dh6xDgKUfcwFtlZAntPO) - Most secure, requires key management

***

**Next**: [Step 1: Choose OAuth Library](broken://pages/CuJNdfiNnGHuqh7gDIK2)
