Pehchan Developer Documentation

Getting Started

Learn how to integrate Pehchan SSO into your application

To get started with Pehchan SSO integration, you'll need to:

  1. Request a client ID by emailing ali@codeforpakistan.org
  2. Receive your client ID
  3. Implement the SSO flow in your application

Login Flow

How to implement the Pehchan login flow in your application

1. Redirect to Pehchan Login

Redirect your users to the Pehchan login page with the following parameters:

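const authUrl = new URL('https://pehchan.codeforpakistan.org/login')
authUrl.searchParams.append('client_id', 'your-client-id')
authUrl.searchParams.append('redirect_uri', 'https://your-app.com/auth/callback')
// Placeholder: send a fresh, unpredictable state value with each login request
// and remember it so you can check it in the callback
authUrl.searchParams.append('state', 'random-state-string')
// Send the user to the Pehchan login page
window.location.assign(authUrl.toString())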

Note: The client_id is provided when you request access. The redirect_uri must match the URL where you want to receive the authentication response.

2. Handle the Callback

After successful login, users will be redirected back to your application with the following parameters:

// URL: https://your-app.com/auth/callback?access_token=...&id_token=...&state=...
const urlParams = new URLSearchParams(window.location.search)
const accessToken = urlParams.get('access_token')
const idToken = urlParams.get('id_token')
const state = urlParams.get('state')

// Verify state matches the value you sent in step 1 (placeholder shown here)
if (state !== 'random-state-string') {
  // Handle error: do not use the tokens from this response
}

Security Considerations

  • Always validate the state parameter to prevent CSRF attacks
  • Store the access token securely and never expose it to the client
  • Implement proper token refresh logic
  • Use HTTPS for all API calls