Documentation

OAuth 2.0 integration guide

Alf Mille combines verified identity (KYC) with Laravel Passport–powered OAuth 2.0. Use this guide to understand flows, endpoints, and safe integration patterns for your applications.

Getting Started

To integrate OAuth 2.0 authentication into your application, follow these steps:

  1. Create an OAuth application in the Developer Console
  2. Obtain your Client ID and Client Secret
  3. Implement the OAuth 2.0 authorization flow in your application
  4. Use the access token to access protected resources

What you are integrating

End users sign in through Alf Mille, complete verification when required, and grant your OAuth client limited access via scopes. Your backend exchanges codes or client credentials for tokens and calls protected APIs on behalf of the user or the application.

Scopes and claims

openid

Signals an OpenID Connect style request so an ID token can be issued alongside access tokens when your client and server are configured for it.

profile

Requests standard profile claims (such as name) when exposed by the authorization server for the authenticated user.

email

Requests access to the user’s verified email address when your application is allowed to read that claim.

Security best practices

  • Use PKCE

    Use Proof Key for Code Exchange for public clients and as defense-in-depth for confidential clients.

  • Validate state

    Send a random state value on authorize and verify it on callback to mitigate CSRF.

  • Protect client secrets

    Never ship client secrets to browsers or mobile apps. Keep token exchange on a trusted server.

Need help?

For product, security, or integration questions, contact us through the contact page.

Contact support