Installation

LoginSign integrates as an OAuth 2.0 identity provider. There is no separate npm SDK required for sign-in: you redirect users to LoginSign and exchange the authorization code on your backend.

When you're logged in to the Developer Portal, open Settings → Quick configuration for copy-ready URLs, client credentials, and widget snippets for your application.

Recommended: Redirect-based OAuth

1) Register redirect URIs in the portal. 2) Send the browser to GET /oauth/authorize with your client_id, redirect_uri, and state. 3) On your callback, POST /oauth/token with the code and client secret (server-side only). 4) Call GET /api/user with the access token.

Use your deployment base URL everywhere (production, staging, or self-hosted). Example documentation paths: OAuth Flow, Integration, API Reference.

Optional: Embeddable widgets (static JS)

For a drop-in button, banner, or embedded login page, load scripts from your LoginSign origin (the same host users see in the browser). Example using a placeholder origin:

<!-- Login button -->
<div id="loginsign-login"
  data-client-id="YOUR_CLIENT_ID"
  data-redirect-uri="https://yourapp.com/oauth/callback"
  data-label="Sign in with LoginSign">
</div>
<script src="https://YOUR_LOGINSIGN_ORIGIN/widgets/login.js" defer></script>

Widget files ship with this project under public/widgets/ (e.g. login.js, banner.js, login-page.js, user.js). See Widgets for attributes and behaviour.

React / Next.js apps

Use a plain <a> or router.push to your authorize URL, then complete the token exchange in a Route Handler or API route. Keeping the client secret on the server is mandatory — do not ship it to browser bundles.

Static sites (no backend)

The OAuth callback URL can be static HTML, but exchanging code → token requires the client secret. Use a small serverless function (Vercel, Netlify, Cloudflare Workers) or any HTTPS endpoint you control to run the token exchange, then redirect back to your static app.

Continue to Integration for end-to-end examples.