
Integrate third-party app with OIDC / OAuth

Use Logto as your identity provider (IdP) to integrate third-party apps via OpenID Connect (OIDC) or OAuth 2.0 protocol.

Create a third-party OIDC application in Logto

Just as you create a first-party application in Logto, you can create an application for third-party services that support OIDC. This application will act as an IdP for your third-party applications.

  1. Go to Console > Applications.

  2. Select "Third-party app > OIDC" as the application type.

    • If this is the first time you are creating an application, click the View all link to see all application types.

    • Otherwise, click the Create application button in the top right corner of the page and select "Third-party app > OIDC" as the application type.

  3. Just like creating a Logto first-party application, enter a name and description for your application and click on the Create button. A new third-party OIDC application will be created.

Set up the OIDC configurations

In order to set up Logto as an IdP for your third-party applications, you need to configure the OIDC settings under the application details page.

  1. Provide the redirect URI of your third-party application. This is the URL that the third-party application will redirect users to after they are authenticated by Logto. You can usually find this information in the third-party application's IdP connection settings page. Logto supports multiple redirect URIs. You can add more redirect URIs by clicking on the Add another button.

  2. Retrieve the client ID and client secret from the Logto application details page and enter them into your service provider's IdP connection settings page.

  3. Retrieve the authorization endpoint and token endpoint from the Logto application details page and provide them to your service provider.

    • If your service provider supports OIDC discovery, you can simply copy the discovery endpoint from the Logto application details page and provide it to your service provider. The service provider will then retrieve all the up-to-date OIDC authentication information from the discovery endpoint automatically.
    • Otherwise, click on the Show endpoint details button to view all the OIDC authentication endpoints.

Under the hood, a third-party app is just a standard OAuth 2.0 / OIDC client. This means you (or the third-party developer) can use any OAuth 2.0 / OIDC library or framework to integrate with Logto.

If you're not familiar with OAuth 2.0 or OIDC, you can start by following one of our “Traditional web” quick start guides.

A few things to keep in mind:

  1. Logto currently requires third-party apps to be “Traditional web” apps. In other words, the app needs a backend server (or backend-for-frontend) to securely store the client secret.
  2. Most of our quick start guides are written for first-party apps, but you can still use them as a reference for third-party app integration.
  3. The main difference is that third-party apps will show a consent screen, asking users for explicit permission to access their data.

You can find more information in our quick start guides.
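
The added example below (not Logto's own code or SDK) shows what a third-party app's backend does with the values configured above: it builds the authorization request and, after validating the callback, the token request that carries the client secret. The endpoint URLs, client credentials, and function names are constructed placeholders, and HTTP Basic client authentication is assumed.

```javascript
// Added example. All values are constructed placeholders: copy the real ones
// from the Logto application details page or the discovery endpoint.
// The crypto lookup works in both CommonJS and ES modules.
const rand = typeof require === 'function' ? require('node:crypto') : globalThis.crypto;

const discovery = { // subset of an OIDC discovery document (constructed)
  authorization_endpoint: 'https://idp.example.com/oidc/auth',
  token_endpoint: 'https://idp.example.com/oidc/token',
};
const client = {
  id: 'example-client-id',
  secret: 'example-client-secret', // load from a secret store; backend only
  redirectUri: 'https://app.example.com/callback', // must be registered in Logto
};

// Step 1: build the redirect to the authorization endpoint. Store the returned
// state and nonce in the user's server-side session.
function buildAuthorizationRequest(scope = 'openid profile') {
  const state = rand.randomUUID();
  const nonce = rand.randomUUID(); // later compared with the ID token's nonce claim
  const url = new URL(discovery.authorization_endpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: client.id,
    redirect_uri: client.redirectUri, scope, state, nonce,
  }).toString();
  return { url: url.toString(), state, nonce };
}

// Step 2: validate the callback, then prepare the token request. The backend
// sends it with fetch(req.url, req); the secret never reaches the browser.
function buildTokenRequest(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (!session.state || params.get('state') !== session.state) {
    throw new Error('state mismatch'); // response does not belong to this session
  }
  if (!params.get('code')) throw new Error('missing authorization code');
  const basic = Buffer.from(
    `${encodeURIComponent(client.id)}:${encodeURIComponent(client.secret)}`).toString('base64');
  return {
    url: discovery.token_endpoint,
    method: 'POST',
    headers: { authorization: `Basic ${basic}`,
      'content-type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ grant_type: 'authorization_code',
      code: params.get('code'), redirect_uri: client.redirectUri }).toString(),
  };
}
```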

Manage your third-party applications

All third-party applications are listed on the Applications page under the Third-party apps tab, which keeps them separate from first-party applications for easier management.

Further readings

Third-party applications