Skip to main content

OIDC-lite Flow

OIDC-lite Authorization Code Flow

PayWise Identity uses an OIDC-lite authorization code flow.

ELI5: what this means

Think of OIDC like a trusted security desk for a building:

Your app is the office you want to enter.
PayWise Identity is the security desk.
The user signs in once at the security desk (not inside every office).
The desk gives your app a short-lived pass to prove who the user is.

So your app does not handle passwords directly. It receives secure tokens from Identity and uses those tokens to let the user continue safely.

App -> /authorize
User -> Sign in (Passkey or TOTP)
Identity -> returns authorization code
App -> exchanges code at /token
Identity -> returns id_token + access_token + refresh_token

Why this flow

Keeps credentials at Identity only
Avoids exposing long-lived secrets in browser apps
Supports token refresh without repeated sign-in

Environment hosts

Sandbox Identity: sandbox-identity.paywise.co
Production Identity: identity.paywise.co

OIDC-lite Authorization Code Flow
ELI5: what this means
Why this flow
Environment hosts