Integration Guide

Step-by-step integration with complete code examples.

1. Redirect to LoginSign

Send the user to the OAuth authorize URL (see OAuth Flow for the exact URL and parameters). Example link:

<a href="https://loginsign.com/oauth/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=https://yourapp.com/callback&response_type=code&scope=email%20profile&state=random_state">
  Sign in with LoginSign
</a>

Replace the base URL with your LoginSign deployment if different (e.g. https://auth.loginsign.com).

2. Callback: receive the code

After the user signs in and consents, LoginSign redirects to your redirect_uri with ?code=...&state=.... Your callback page (or server route) must:

• Read the code and state from the query string
• Verify state matches what you sent (CSRF protection)
• Exchange the code for an access token via POST /oauth/token (see API Reference)

3. Exchange code for token (backend)

// Node.js / Express example: exchange code for access_token
const response = await fetch('https://loginsign.com/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: new URLSearchParams({
    grant_type: 'authorization_code',
    code: codeFromCallback,
    client_id: process.env.LOGINSIGN_CLIENT_ID,
    client_secret: process.env.LOGINSIGN_CLIENT_SECRET,
    redirect_uri: 'https://yourapp.com/callback',
  }),
});
const { access_token } = await response.json();

4. Get user profile

Use the access token to call the userinfo endpoint:

const userRes = await fetch('https://loginsign.com/api/user', {
  headers: { Authorization: `Bearer ${access_token}` },
});
const user = await userRes.json();
// user: { id, globalId, name, email (masked, e.g. x9s8d7@loginsign.com), image }

Important Notes

• Emails are always masked (e.g. x9s8d7@loginsign.com) — never the real address
• Register redirect URIs in Developer Portal → Settings
• Use HTTPS in production