search
Luafaq.orgLua OrgCommunity ResourcesPlay Now

OpenID OAuth

This guide explains how to:

  • Register an OAuth app

  • Implement Authorization Code Flow (with optional PKCE)

  • Exchange tokens

  • Retrieve user data with OpenID Connect

  • Manage user authorizations

hashtag
🌐 Base URLs

  • API Base: https://api.brickverse.gg

  • Versioned Prefix: /api/v3

Example full endpoint:

https://api.brickverse.gg/api/v3/oauth/token

hashtag
🔐 Authentication Overview

BrickVerse OAuth supports:

Auth Type
Used For

Session Auth (cookie)

App management + user consent

Client Auth (client_id + client_secret)

Token exchange

Bearer Token

UserInfo endpoint

hashtag
📦 Supported Scopes

When registering apps or requesting authorization, use these scope values:

  • OPENID

  • PROFILE

  • EMAIL

  • PHONE

  • GUILDS

Example scope string:

hashtag
1️⃣ Register an OAuth Application

hashtag
Create an App

Endpoint:

(Session authentication required)

hashtag
Request Body

hashtag
Response

Returns your app including:

  • clientId

  • clientSecret

⚠️ Store your clientSecret securely. Never expose it in frontend code.

hashtag
Manage Your Apps

Method
Endpoint
Description

GET

/api/v3/oauth/apps

List your apps

GET

/api/v3/oauth/apps/:id

Retrieve app details

PUT

/api/v3/oauth/apps/:id

Update app (DRAFT only)

POST

/api/v3/oauth/apps/:id/submit

Submit for approval

DELETE

/api/v3/oauth/apps/:id

Delete app (DRAFT only)

Only approved apps can be used in production authorization flows.

hashtag
2️⃣ Authorization Code Flow (with optional PKCE)

BrickVerse supports standard OAuth 2.0 + OpenID Connect.

hashtag
Step 1: Request Consent Data

(Session auth required)

hashtag
Query Parameters

Parameter
Required
Notes

client_id

Your app’s ID

redirect_uri

Must match registered URL

response_type

code

scope

Space-separated

state

Optional

CSRF protection

nonce

Optional

Required for OpenID

code_challenge

Optional

For PKCE

code_challenge_method

Optional

plain or S256

hashtag
Example

This returns consent screen data for your UI.

hashtag
Step 2: Submit Consent Decision

(Session auth required)

hashtag
Response

If denied:

hashtag
3️⃣ Exchange Authorization Code for Tokens

Supported grant types:

  • authorization_code

  • refresh_token

hashtag
Authorization Code Exchange

hashtag
Success Response

If OPENID scope was granted, an id_token will be returned.

hashtag
Refresh Token Exchange

hashtag
4️⃣ Get User Information (OpenID Connect)

hashtag
Response

Returns claims based on granted scopes.

Minimum claim:

Additional claims depend on:

  • PROFILE

  • EMAIL

  • PHONE

  • GUILDS

hashtag
5️⃣ Discovery & JWKS

BrickVerse provides OpenID Connect discovery:

  • GET /.well-known/openid-configuration

  • GET /.well-known/jwks.json

Use the discovery document to dynamically retrieve:

  • Authorization endpoint

  • Token endpoint

  • UserInfo endpoint

  • jwks_uri

hashtag
6️⃣ User Authorized App Management

Users can manage connected applications.

Method
Endpoint
Description

GET

/api/v3/oauth/authorized-apps

List connected apps

DELETE

/api/v3/oauth/authorized-apps/:id

Revoke access

Revoking deletes:

  • Authorization

  • Access tokens

  • Refresh tokens

hashtag
⚠️ Common Error Codes

hashtag
Token Endpoint

  • invalid_client

  • invalid_request

  • invalid_grant

  • unsupported_grant_type

hashtag
UserInfo Endpoint

  • invalid_token

hashtag
✅ Best Practices

  • Always use HTTPS

  • Use PKCE for public clients (SPA / mobile)

  • Validate state and nonce

  • Store secrets securely

  • Implement token refresh logic

  • Validate id_token signature using JWKS

PreviousWelcomeNextEmpowering Responsible Gameplay: A Guide to ModerationService in BrickVerse

Last updated

Was this helpful?