Skip to main content

Integrate third-party app with OIDC / OAuth

Use Logto as your identity provider (IdP) to integrate third-party apps via OpenID Connect (OIDC) or OAuth 2.0 protocol.

Create a third-party OIDC application in Logto

Just like how you create a first-party application in Logto, you can also create an application for third-party services that support OIDC. This application will act as an IdP for your third-party applications.

  1. Go to Console > Applications.

  2. Select "Third-party app".

    • If this is the first time you create an application, click on the View all link to see all application types.
    • Otherwise, click on the Create application button on the top right corner of the page and select "Third-party app".

  3. Select an application type based on the third-party application's type:

    • Traditional Web: Server-side applications that can securely store a client secret.
    • Single Page App (SPA): Browser-based applications that use PKCE for authorization.
    • Native: Mobile or desktop applications that use PKCE for authorization.

  4. Enter a name and description for your application and click on the Create button. A new third-party OIDC application will be created.

Set up the integration

After creating the application, follow the Integration guide to complete the setup. The guide covers:

  • Finding your application configurations (Client ID, Client secret, endpoints)
  • Integrating with services that support third-party IdP
  • Integrating via OAuth / OIDC protocol (with code examples for different app types)

Under the hood, a third-party app is a standard OAuth 2.0 / OIDC client. This means you (or the third-party developer) can use any OAuth 2.0 / OIDC library or framework to integrate with Logto.

A few things to keep in mind:

  1. When creating a third-party app, select the appropriate application type based on the app's architecture:
    • Traditional web: Uses client secret for authentication.
    • Single page app / Native: Uses PKCE for secure authorization without a client secret.
  2. Most of our quick start guides are written for first-party apps, but you can still use them as a reference for third-party app integration.
  3. The main difference is that third-party apps will show a consent screen, asking users for explicit permission to access their data.

See Third-party applications for full integration guide.

Manage your third-party applications

All third-party applications will be catalogued on the Applications page, specifically under the Third-party apps tab. This arrangement distinguishes them from first-party applications for you, ensuring easy management.

Further readings

Third-party applications