OAuth 2.0 & OpenID Connect

Modern Identity Infrastructure

Secure authentication, token lifecycle management, and standards-compliant OAuth 2.0 + OpenID Connect flows for web, mobile, and backend systems.

PKCE & Refresh Token Rotation
OIDC Discovery & JWKS
Client & Scope Management

How it works

OAuth in three clear steps

Pramaan issues and secures tokens, while your app focuses on product logic.

01

Authorize

Redirect users to Pramaan for authentication and consent. We handle credentials, MFA, session security, and policy enforcement centrally.

02

Exchange

Your backend securely exchanges the authorization code for access and refresh tokens via the token endpoint.

03

Secure

Access protected APIs with short-lived tokens, rotate refresh tokens automatically, and introspect sessions for full visibility and control.

OAuth 2.0 Flow

Pramaan uses the Authorization Code flow with PKCE to securely authenticate users. Tokens are exchanged server-side and never exposed to the browser.

Step 1 · Redirect User (Client)
// Per-login secrets for this authorization request. They are kept in the
// server-side session (express-session assumed) so the callback can check state
// (CSRF), nonce (ID token binding) and present the PKCE verifier when redeeming the code.
const crypto = require("node:crypto");
const b64url = (buf) => buf.toString("base64url");

const csrfToken = b64url(crypto.randomBytes(16));     // state
const randomValue = b64url(crypto.randomBytes(16));   // nonce
const pkceVerifier = b64url(crypto.randomBytes(32));  // 43-char code_verifier
const pkceChallenge = b64url(                          // S256 challenge
  crypto.createHash("sha256").update(pkceVerifier).digest()
);
req.session.login = { state: csrfToken, nonce: randomValue, verifier: pkceVerifier };

const authorizeUrl = new URL(
  "https://pramaan.anujacharjee.com/api/oauth/authorize"
);

authorizeUrl.search = new URLSearchParams({
  client_id: process.env.AUTH_CLIENT_ID,
  redirect_uri: "https://client.com/callback",
  response_type: "code",
  scope: "openid profile email",
  state: csrfToken,
  nonce: randomValue,
  code_challenge: pkceChallenge,
  // parameter name as documented here; RFC 7636 calls it code_challenge_method ("S256")
  code_challenge_algo: "sha256",
}).toString();

res.redirect(authorizeUrl.toString());
Step 2 · Exchange Code (Client)
// Callback handler. Verify state against the session before touching the code,
// then redeem the code server-side with the PKCE verifier and the credentials
// issued for this client (confidential client; the secret never reaches the browser).
const { code, state } = req.query;
const login = req.session.login;            // stored in Step 1
if (!login || !state || state !== login.state) {
  throw new Error("state mismatch: rejecting callback");
}
delete req.session.login;                   // single use

const response = await fetch(
  "https://pramaan.anujacharjee.com/api/oauth/token",
  {
    method: "POST",
    headers: {
      "content-type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      code_verifier: login.verifier,
      client_id: process.env.AUTH_CLIENT_ID,        // issued client id
      client_secret: process.env.AUTH_CLIENT_SECRET, // issued client secret (env name assumed)
    }),
  }
);

if (!response.ok) throw new Error(`token endpoint returned ${response.status}`);
const tokens = await response.json();
// tokens.id_token must still be validated: signature via JWKS, iss, aud, exp, and nonce === login.nonce
        

Why Pramaan

Secure defaults, modern developer UX

Ship trusted identity flows with audit-friendly controls, built-in security features, and clean APIs.

Strong sessions

Short-lived access tokens, refresh rotation, and revocation support.

Client registry

Manage redirect URIs, scopes, and secrets from one dashboard.

Open standards

OAuth 2.0 + OIDC endpoints aligned with best practices.

Risk controls

Sign-in verification, lockouts, and configurable token expiry.

Ready to launch your identity layer?

Create an account, register your first client, and start authenticating in minutes.