pasbydocs
OIDC API

Get user claims

POST /api/v1/oidc/resource — national ID and consented claims.

POST /api/v1/oidc/resource

Header: Authorization: Bearer <access-jwt>

FieldTypeRequiredDescription
challengestringYesValue from exchange (data.challenge)
appstringYesYour app id (Console client id)

Success (typical): 200data.national, data.country, data.claims when a user is resolved; may be {} in misconfigured or empty environments.

Map only approved fields into your user model. See Claims reference for key definitions.

Common errors: expired access token, wrong challenge, invalid Bearer header — see Errors.

SDK usage

import { getEID } from "@finsel-dgi/pasby-next/server";
import { cookies } from "next/headers";

const user = await getEID(await cookies());

if (user) {
  console.log(user.national, user.claims?.contact?.email);
}

Uses cookies set at handshake. Full guide: Next.js OIDC

import { eidResource } from "@finsel-dgi/pasby-react/server";

const user = await eidResource({
  accessCode: tokens.access,   // from tokenSwap (encrypted)
  challenge: tokens.challenge, // session challenge from tokenSwap (encrypted)
});

// User type exported from @finsel-dgi/pasby-react
console.log(user.national, user.country, user.claims);

Full guide: React OIDC

// POST https://oauth.pasby.africa/api/v1/oidc/resource
// Header: Authorization: Bearer <access-jwt>
// Body: {"challenge":"<session-challenge>","app":"<PASBY_CLIENT_ID>"}

Exchange token

POST /api/v1/oidc/kupeana and /shake — trade handshake for Bearer access.

Claims reference

Every ID data claim key, response shape, encryption, and copy-paste request examples.

On this page

POST /api/v1/oidc/resourceSDK usageRelated