Wenme Identity Platform

Enterprise-grade OAuth 2.1 authentication for your applications

OAuth 2.1 + PKCE
Passwordless Auth
OpenID Connect

Quick Start

Prerequisites

  1. Create an OAuth application in the Wenme Dashboard
  2. Note your Client ID and Client Secret
  3. Configure your redirect URIs
  4. Implement PKCE for enhanced security (required)

Integration Steps

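// 1. Redirect users to Wenme OAuth authorization
// generateRandomState() is not defined on this page; it must return an
// unguessable random string. generateCodeVerifier() and
// generateCodeChallenge() are defined under "PKCE Implementation".
const state = generateRandomState();
const authUrl = new URL('https://identity.wenme.net/oauth/authorize');
authUrl.searchParams.append('client_id', 'YOUR_CLIENT_ID');
authUrl.searchParams.append('redirect_uri', 'YOUR_CALLBACK_URL');
authUrl.searchParams.append('response_type', 'code');
authUrl.searchParams.append('scope', 'openid profile email');
authUrl.searchParams.append('state', state);

// 2. PKCE (required for security)
const codeVerifier = generateCodeVerifier();
const codeChallenge = await generateCodeChallenge(codeVerifier);
authUrl.searchParams.append('code_challenge', codeChallenge);
authUrl.searchParams.append('code_challenge_method', 'S256');

// Keep state and the verifier across the redirect: the callback must compare
// the returned state, and the token exchange needs the same code_verifier.
sessionStorage.setItem('oauth_state', state);
sessionStorage.setItem('pkce_code_verifier', codeVerifier);

window.location.href = authUrl.toString();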

Setup Your Application

1. Register Your Application

Go to Wenme Dashboard and create a new OAuth application.

Application Name: Your app name
Redirect URIs: https://yourapp.com/auth/callback
Scopes: openid profile email

2. Store Credentials Securely

Never expose your Client Secret in client-side code.

# .env file
WENME_CLIENT_ID=wenme_abc123...
WENME_CLIENT_SECRET=secret_xyz789...
WENME_REDIRECT_URI=https://yourapp.com/auth/callback

OAuth 2.1 Flow

1. Authorization Request

Redirect user to Wenme authorization endpoint with PKCE parameters.


2. Token Exchange

Exchange authorization code for access tokens.

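// 3. Exchange authorization code for tokens
// Run this step on your server: the request carries the Client Secret,
// which must never be exposed in client-side code.
// authorizationCode is the `code` query parameter received on the callback;
// codeVerifier is the value generated in step 2.
const response = await fetch('https://identity.wenme.net/oauth/token', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    grant_type: 'authorization_code',
    client_id: 'YOUR_CLIENT_ID',
    client_secret: 'YOUR_CLIENT_SECRET',
    code: authorizationCode,
    redirect_uri: 'YOUR_CALLBACK_URL',
    code_verifier: codeVerifier // PKCE verifier
  })
});

if (!response.ok) {
  throw new Error(`Token exchange failed: HTTP ${response.status}`);
}

const tokens = await response.json();
// tokens.access_token, tokens.id_token, tokens.refresh_token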
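
The authorization request sends a `state` value, but the page does not show the callback side that must check it before the code is exchanged. The following is an added example for Node.js, not Wenme's code; the function name `validateCallback` and the shape of the `saved` object (whatever your app stored before the redirect) are assumptions.

```javascript
// Added example: validate the OAuth callback before exchanging the code.
const { timingSafeEqual } = require('node:crypto');

// `saved` is an assumed store holding the values kept before the redirect:
//   { oauthState: string, codeVerifier: string }
function validateCallback(callbackUrl, saved) {
  const params = new URL(callbackUrl).searchParams;

  // The authorization server reports failures in the `error` parameter.
  if (params.has('error')) {
    return { ok: false, reason: `authorization error: ${params.get('error')}` };
  }
  const state = params.get('state');
  const code = params.get('code');
  if (!state || !saved.oauthState) return { ok: false, reason: 'missing state' };

  // Compare in constant time; lengths are checked first because
  // timingSafeEqual throws on buffers of different size.
  const a = Buffer.from(state);
  const b = Buffer.from(saved.oauthState);
  if (a.length !== b.length || !timingSafeEqual(a, b)) {
    return { ok: false, reason: 'state mismatch' };
  }
  if (!code) return { ok: false, reason: 'missing code' };

  // state and verifier are single-use: clear them so a replayed callback fails.
  const codeVerifier = saved.codeVerifier;
  delete saved.oauthState;
  delete saved.codeVerifier;
  return { ok: true, code, codeVerifier };
}
```

Only a result with `ok: true` should reach the token exchange; its `code` and `codeVerifier` are the values that request needs.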

3. Get User Information

Use access token to fetch user profile.

// 4. Get user information
const userResponse = await fetch('https://identity.wenme.net/api/user/profile', {
  headers: {
    'Authorization': `Bearer ${tokens.access_token}`
  }
});

const user = await userResponse.json();
// user.id, user.email, user.name, user.avatar

PKCE Security (Required)

Important Security Notice

PKCE (Proof Key for Code Exchange) is required for all OAuth flows to prevent authorization code interception attacks. This is especially critical for mobile and single-page applications.

PKCE Implementation

// Generate code verifier (43-128 characters)
function generateCodeVerifier() {
  const array = new Uint8Array(32);
  crypto.getRandomValues(array);
  return btoa(String.fromCharCode(...array))
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=/g, '');
}

// Generate code challenge from verifier
async function generateCodeChallenge(verifier) {
  const encoder = new TextEncoder();
  const data = encoder.encode(verifier);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return btoa(String.fromCharCode(...new Uint8Array(hash)))
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=/g, '');
}

API Endpoints

| Endpoint | Method | Description |
|---|---|---|
| /oauth/authorize | GET | OAuth authorization endpoint |
| /oauth/token | POST | Exchange code for tokens |
| /api/user/profile | GET | Get user information |
| /oauth/revoke | POST | Revoke access token |
| /.well-known/openid-configuration | GET | OpenID Connect discovery |
| /.well-known/jwks.json | GET | JSON Web Key Set |

Available Scopes

| Scope | Description |
|---|---|
| openid | OpenID Connect authentication |
| profile | User profile information (name, avatar) |
| email | User email address |
| offline_access | Refresh token for long-term access |

Testing Your Integration

Test Credentials

You can create a test application in the dashboard for development purposes.

OAuth Flow Tester

Use our built-in OAuth flow tester to validate your configuration.

Need Help?

Developer Support

Our team is here to help you integrate Wenme authentication into your applications.