pro-staging.kodlokasi.my Auth Broker
Service Operational

MyDigital ID Auth Broker

This service acts as the trusted authentication broker for the EARTHINFO realm. It holds the registered MyDigital ID OAuth credentials and issues short-lived signed tokens to approved downstream applications.

OAuth Redirect

Downstream apps redirect users here with the return_app and return_path query parameters.

Token Issuance

After successful MyDigital ID login, a 5-minute signed JWT is issued and the user is redirected back to the originating app.

Whitelist Enforced

Only pre-approved return_app origins are accepted. Unknown apps receive a 400 response.
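
The whitelist check described above, sketched as an added example (not the broker's own code). The allowlist hostnames and the return_path rules are assumptions; the page states only that unknown return_app values receive a 400.

```javascript
// Added example: not the broker's code. Hostnames below are constructed placeholders.
const ALLOWED_RETURN_APPS = new Set([
  "https://app-one.example.test",
  "https://app-two.example.test",
]);

// Returns the normalized origin if return_app is exactly an approved origin, else null.
function approvedOrigin(returnApp, allowed = ALLOWED_RETURN_APPS) {
  if (typeof returnApp !== "string") return null;
  let url;
  try {
    url = new URL(returnApp);
  } catch {
    return null; // not an absolute URL
  }
  // Origin only: no userinfo, path, query or fragment smuggled in.
  if (url.username || url.password) return null;
  if (url.pathname !== "/" || url.search || url.hash) return null;
  // Exact match on the parsed origin; never startsWith/includes on the raw string.
  return allowed.has(url.origin) ? url.origin : null;
}

// Returns a same-origin absolute URL for return_path, or null if it could leave the origin.
function safeReturnUrl(origin, returnPath = "/") {
  if (typeof returnPath !== "string") return null;
  // Must be a rooted path; "//host" and "/\host" are treated as protocol-relative by browsers.
  if (!/^\/(?![\/\\])/.test(returnPath)) return null;
  if (/[\u0000-\u001f\u007f]/.test(returnPath)) return null; // control characters (CR/LF, tab)
  const target = new URL(returnPath, origin);
  return target.origin === origin ? target.href : null;
}

// Decision made before starting the OAuth flow (400 for a bad return_path is an assumption).
function resolveReturnTarget(query, allowed = ALLOWED_RETURN_APPS) {
  const origin = approvedOrigin(query.return_app, allowed);
  if (!origin) return { status: 400, error: "return_app not approved" };
  const location = safeReturnUrl(origin, query.return_path);
  if (!location) return { status: 400, error: "invalid return_path" };
  return { status: 302, location };
}
```

Validating return_path matters as much as return_app: the issued token travels with the redirect, so a path that resolves to another host would deliver it outside the approved origin.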

Broker Endpoints

GET /api/auth/mydigitalid
Initiates MyDigital ID OAuth. Accepts return_app and return_path query params.

GET /api/auth/mydigitalid/callback
Keycloak redirect target. Issues cross-app JWT or local session.

GET /api/auth/mydigitalid/logout
Clears local session and redirects to MyDigital ID logout.

POST /api/trpc/crossAuth.verifyToken
Server-to-server xtoken verification (tRPC mutation).