Sign In With BlueNexus

How It Works

This flow follows the OpenID Connect specification.

  1. Add a “Sign in with BlueNexus” button to your app.

  2. Redirect the user to BlueNexus’s OAuth authorization URL:

    # -G sends the -d fields as the query string of a GET request
    curl -G "https://api.bluenexus.ai/oauth/authorize" \
      -d "client_id=YOUR_CLIENT_ID" \
      -d "client_secret=YOUR_CLIENT_SECRET" \
      --data-urlencode "redirect_uri=https://yourapp.com/callback" \
      -d "response_type=code" \
      -d "scope=openid%20profile%20email%20account%20user-data" \
      -d "state=YOUR_STATE_VALUE" \
      -d "code_challenge=YOUR_PKCE_CODE_CHALLENGE" \
      -d "code_challenge_method=S256"

Note: client_secret is only required for confidential clients. code_challenge and code_challenge_method are required for all clients (PKCE).

  3. BlueNexus authenticates the user and redirects them back to your app with an authorization code.

  4. Exchange the code for tokens using your backend:

    curl -X POST "https://api.bluenexus.ai/api/v1/auth/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      -d "grant_type=authorization_code" \
      -d "code=YOUR_AUTHORIZATION_CODE" \
      -d "redirect_uri=https://yourapp.com/callback" \
      -d "client_id=YOUR_CLIENT_ID" \
      -d "client_secret=YOUR_CLIENT_SECRET" \
      -d "code_verifier=YOUR_PKCE_CODE_VERIFIER"

Note: client_secret is only required for confidential clients. code_verifier is required for all clients (PKCE).

  5. Save the tokens in your application (ideally via a secure cookie) and use them for API access.

  6. Handle expired tokens in your application.
