Standard OpenID Connect — no vendor lock-in. Ready-made SDKs for popular stacks.
All endpoints live under https://id.libermall.com. Discovery doc — /.well-known/openid-configuration.
OpenID discovery: /.well-known/openid-configuration Authorize: /login/oauth/authorize Token: /api/login/oauth/access_token UserInfo: /api/userinfo JWKS: /.well-known/jwks Logout: /api/logout
1. User clicks "Sign in with Libermall ID" 2. Redirect to /login/oauth/authorize?response_type=code&client_id=...&redirect_uri=...&state=...&scope=openid+profile+email 3. Casdoor renders the form, the user signs in (Telegram, TON, email, Apple, Google) 4. Casdoor redirects back to your-redirect-uri?code=&state= 5. Your server exchanges the code for an access_token via POST /api/login/oauth/access_token 6. GET /api/userinfo with the Bearer token → claims
npm install openid-client passport passport-openidconnect // index.js const { Issuer, Strategy } = require('openid-client'); const passport = require('passport'); (async () => { const issuer = await Issuer.discover('https://id.libermall.com/.well-known/openid-configuration'); const client = new issuer.Client({ client_id: process.env.LIBERMALL_CLIENT_ID, client_secret: process.env.LIBERMALL_CLIENT_SECRET, redirect_uris: ['https://yourapp.com/auth/callback'], response_types: ['code'], }); passport.use('libermall', new Strategy({ client }, (tokenset, done) => done(null, tokenset.claims()))); })();
composer require laravel/socialite socialiteproviders/generic-oauth2 // config/services.php 'libermall' => [ 'host' => env('LIBERMALL_ID_HOST', 'https://id.libermall.com'), 'client_id' => env('LIBERMALL_ID_CLIENT_ID'), 'client_secret' => env('LIBERMALL_ID_CLIENT_SECRET'), 'redirect' => env('APP_URL') . '/oauth/libermall/callback', ], // routes/web.php Route::get('/oauth/libermall', fn() => Socialite::driver('libermall')->redirect()); Route::get('/oauth/libermall/callback', [LibermallController::class, 'callback']);
# 1. Authorize (open in browser) open "https://id.libermall.com/login/oauth/authorize?response_type=code&client_id=$CLIENT_ID&redirect_uri=$REDIRECT&state=$STATE&scope=openid+profile+email" # 2. Exchange code for token curl -X POST https://id.libermall.com/api/login/oauth/access_token \ -d "grant_type=authorization_code" \ -d "code=$CODE" \ -d "client_id=$CLIENT_ID" \ -d "client_secret=$CLIENT_SECRET" \ -d "redirect_uri=$REDIRECT" # 3. Get user info curl https://id.libermall.com/api/userinfo \ -H "Authorization: Bearer $ACCESS_TOKEN"
{
"iss": "https://id.libermall.com",
"aud": "your_client_id",
"sub": "uuid-of-user",
"preferred_username": "sviatoslav",
"name": "Sviatoslav Gusev",
"email": "[email protected]",
"email_verified": true,
"picture": "https://t.me/i/userpic/320/...",
"tg_id": 12345678,
"tg_username": "defiton",
"wallets": [{ "chain": "ton", "address": "EQ..." }]
}
| Scope | Includes |
|---|---|
openid | Required for OIDC. Returns sub. |
profile | name, preferred_username, picture, tg_id, tg_username |
email | email, email_verified |
wallets | Array of linked TON wallets with verification |
offline_access | refresh_token for long-lived sessions |
quests | Access to the Quest API for Libermall Card achievements |
OAuth app registration is manual for now. Email [email protected] and we will send credentials.
Service name, URL, list of redirect_uri, required scopes.
client_id + client_secret within 24 hours.
Integrate in 5 minutes — the "Sign in with Libermall ID" button just works.
Get a client_id, add the button, and 7,000+ ecosystem users will sign in with a single click.