Start session

POST /api/v1/oidc/kipindi

Alias: POST /api/v1/oidc/login (identical)

Headers: Content-Type: application/json, x-api-key, x-access-secret

Field	Type	Required	Description
`challenge`	string	Yes	PKCE code challenge
`callback`	string	Yes	HTTPS return URL after identification
`payload`	string	Yes	User-visible intent text
`action`	enum	Yes	`login` \| `signup` \| `link`
`claims`	string[]	Yes	Claim keys to request

Success (typical): 201 — data.link, data.session

Redirect the user to data.link. Retain data.session for support correlation.

Rate limit: 100 requests / minute per client — back off on 429.

SDK usage

// Encapsulated in handler() — see app/api/eid/[auth]/route.ts
import { handler } from "@finsel-dgi/pasby-next/server";

const pasby = handler(
  {
    claims: ["contact.email", "naming.given"],
    action: "login",
    payload: "Sign in to your app",
  },
  "/auth/error",
);
// GET /api/eid/login → starts session, redirects to data.link

Full guide: Next.js OIDC

import { loginWithSecret } from "@finsel-dgi/pasby-react/server";

const { redirect, pkceverifier, id } = await loginWithSecret({
  claims: ["contact.email", "naming.given", "naming.family"],
  action: "login",
  payload: "Sign in to your app",
  redirect_uri: "https://your-app.com/auth/callback",
});

// redirect → send user to hosted UI
// pkceverifier → store httpOnly until callback
// id → session id (data.session)

Full guide: React OIDC

// Generate PKCE first — see /docs/oidc/pkce
body := map[string]any{
  "challenge": pkceChallenge,
  "callback":  "https://your-app.com/auth/callback",
  "payload":   "Sign in to your app",
  "action":    "login",
  "claims":    []string{"contact.email", "naming.given"},
}
// POST https://oauth.pasby.africa/api/v1/oidc/kipindi
// Headers: x-api-key, x-access-secret, Content-Type: application/json

PKCE — challenge generation
OIDC quickstart — full four-step flow
Claims reference — valid claims keys

POST /api/v1/oidc/kipindi

SDK usage

Related

On this page