The OakID Developer Portal is where you create and manage OAuth applications.

URL: id.oakwall.mom/developer

You must be signed in with an OakID account to access the portal.

Create an application

1. Open Developer Portal

Navigate to Developer in the OakID header, or go directly to /developer.

2. New application

Click New application. Choose a display name your users will see on the consent screen.

3. Redirect URIs

Add every URL that receives the authorization code. URIs must match exactly — scheme, host, port, and path included.

  https://myapp.example.com/auth/callback
  https://staging.myapp.example.com/auth/callback

Wildcards are not supported. Register each callback URL separately.

4. Save credentials

Copy client_id (oak_…) and client_secret immediately. The secret is shown only once at creation or regeneration.
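A pre-flight check for the exact-match rule in step 3, as an added example rather than OakID's own code: it compares the redirect_uri an app is about to send against the registered list and names the component that differs. It assumes the server compares the full string; the function name `mismatch` and the near-miss URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Registered callbacks: the two example URIs from step 3.
REGISTERED = [
    "https://myapp.example.com/auth/callback",
    "https://staging.myapp.example.com/auth/callback",
]


def mismatch(candidate, registered=REGISTERED):
    """Return [] if candidate equals a registered URI character for character.

    Otherwise return the components that differ from the closest registered
    URI, or ["spelling"] when the parsed components are all equal.
    """
    if candidate in registered:
        return []
    c = urlsplit(candidate)
    closest = None
    for uri in registered:
        r = urlsplit(uri)
        pairs = (
            ("scheme", c.scheme, r.scheme),
            ("host", c.hostname, r.hostname),
            ("port", c.port, r.port),
            ("path", c.path, r.path),
            ("query", c.query, r.query),
            ("fragment", c.fragment, r.fragment),
        )
        diffs = [name for name, a, b in pairs if a != b]
        if closest is None or len(diffs) < len(closest):
            closest = diffs
    # urlsplit lowercases scheme and host, so an empty diff means the strings
    # differ only in something the parse hides, such as letter case.
    return closest or ["spelling"]


if __name__ == "__main__":
    # Constructed near-misses that an exact-match check rejects.
    for uri in (
        "https://myapp.example.com/auth/callback",
        "https://myapp.example.com/auth/callback/",
        "http://myapp.example.com/auth/callback",
        "https://myapp.example.com:443/auth/callback",
        "https://dev.myapp.example.com/auth/callback",
        "https://MyApp.example.com/auth/callback",
    ):
        print(uri, "->", mismatch(uri) or "registered")
```

Running the same check in CI against the callback URL in each environment's configuration catches a trailing slash or an explicit `:443` before users see a failed authorization.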

Client credentials

| Field | Format | Usage |
| --- | --- | --- |
| client_id | oak_ + hex | Public identifier — safe in frontend authorize URLs |
| client_secret | Random string | Confidential clients only — send on /oauth/token, never expose in browser |

Send credentials to the token endpoint via:
  • Request body: client_id + client_secret form fields, or
  • HTTP Basic auth: Authorization: Basic base64(client_id:client_secret)

Manage applications

From the app detail page you can:
  • Edit redirect URIs — add or remove callback URLs
  • Regenerate secret — invalidates the old secret and all active refresh tokens for that client
  • Revoke user sessions — force re-consent for all users of this app
  • View audit log — token issuances and consent events

Regenerating a client secret immediately breaks any integration still using the old secret. Update your server configuration before regenerating in production.

Allowed scopes

Default allowed scopes for new apps:

  openid profile email

| Scope | Consent text |
| --- | --- |
| openid | Verify your identity (OIDC) |
| profile | Read display name and avatar |
| email | Read email address |

openid is required for ID token issuance. Request only scopes your app needs.

Personal access tokens

The Developer Portal also supports personal access tokens (PATs) for direct API access on behalf of your account — useful for scripts and CI. PATs are not OAuth tokens; they authenticate as you directly.

Next steps

  • Quickstart: Complete your first authorization code exchange.
  • Authorization code flow: Full flow diagram and parameter reference.