Auth on Tanvrit
A complete auth surface — phone OTP, social (Google / Apple / Facebook / GitHub), magic links, passkeys — wrapped in three modes that scale from one-line integration to "Sign in with Tanvrit" cross-tenant SSO.
OAuth modes
The three integration shapes (Shared, BYO, Sign in with Tanvrit) and how to pick.
Sign in with Tanvrit
Full OIDC IdP guide — discovery, PKCE, ID-token verification, SDK helper.
Onboarding checklist
Step-by-step bring-up for a new app on Tanvrit auth.
Developer portal →
Register your app, manage OIDC clients, edit provider credentials.
Quick reference
| Issuer | https://api.tanvrit.com |
|---|---|
| Discovery | /.well-known/openid-configuration |
| JWKS | /.well-known/jwks.json |
| Authorize | GET /oauth/authorize (PKCE-required, S256) |
| Token | POST /oauth/token (client_secret_post or client_secret_basic) |
| UserInfo | GET /oauth/userinfo (Bearer) |
| Revoke | POST /oauth/revoke (RFC 7009) |
| Login (hosted) | /oauth/login — phone-OTP page for unauthenticated users |
| SDK helper | com.tanvrit:auth:2.0.4 → SignInWithTanvrit |