Configuring Your App
Last updated
Was this helpful?
Last updated
Was this helpful?
Each application receives two credentials which can be exchanged for auth tokens:
The client ID is your application's username. It identifies your application and doesn't change.
The client secret is your application's password. It's the secret that proves that your application is really making calls, and allows your application to authenticate itself and its users.
Never share your client secret with anyone, or use it directly in code. Never commit a .env
containing this secret.
It should be kept hidden from your front-end and from your users.
See the to find out how to obtain these properties.
Whatever the you use, you'll end up with a bearer token.
to pass this token in the Authorization
header of every request. If you are using next-auth
, you can retrieve the session token using the useSession
hook.
Any authentication library that supports OAuth 2.0 can integrate the Niftory authentication provider.
Staging
Production
Otherwise, you may need to check the above URLs to find our authorization endpoint and token endpoints.
In the backend you can use to get a token, and then include it in your requests in the same way:
The information you need to set this up varies depending on the authentication library you use. If your library supports , so you can simply point it to our well-known endpoints: