Applications
Creating an Application
Section titled “Creating an Application”Navigate to the New Application page and fill in:
| Field | Required | Description |
|---|---|---|
| Application ID | Yes | Unique identifier, e.g. tobby. Used internally. |
| Name | Yes | Display name |
| Audience | Yes | JWT audience claim. Each SaaS backend verifies this value. |
| Redirect URIs | Yes | OAuth callback URLs, one per line |
| Client Type | Yes | web (confidential, has secret) or native (public, PKCE) |
| Webhook URL | No | Event callback URL (Phase 3) |
| Webhook Secret | No | HMAC signing key for webhooks |
| SSO Group ID | No | Group name for session sharing. Leave empty for isolated apps. |
On creation, the admin console displays:
- Client ID (e.g.
scli_xxx) — used in OAuth flows - Client Secret (e.g.
xxx) — shown once, cannot be retrieved later
Save these credentials. The secret is hashed (SHA-256) before storage.
Viewing Applications
Section titled “Viewing Applications”The Dashboard lists all registered applications with status, audience, and creation date. Click any row to open the detail page.
Application Detail
Section titled “Application Detail”The detail page shows tabbed views:
| Tab | Purpose |
|---|---|
| Overview | Application metadata, OAuth client ID, SSO group |
| Users | User membership list with status management |
| Invitations | Send and manage invitations |
| API Keys | Create and revoke M2M credentials |
| Auth Policy | Per-application authentication rules |
Status Values
Section titled “Status Values”| Status | Meaning |
|---|---|
active | Application is operational, accepts signups and signins |
suspended | Application is disabled, all auth requests are rejected |