Developer Dashboard

Build with Cobinar Auth — OAuth 2.0 + OIDC for your apps

Registered apps

—

Sign-ins this week

—

Active tokens

⚠️

KYD Verification required

Verify your identity so users see a trusted badge on your consent screen — just like Google does.

Quick start

Add "Sign in with Cobinar" to your site in under 5 minutes

Complete KYD Verification

Verify your identity so users trust your app on the consent screen

Get a Client ID and optionally a Client Secret

Drop in the button

One script tag and one div — that's it

Exchange the code server-side

POST to /oauth/token to get an access token and user profile

My Apps

Manage your registered OAuth clients

No apps registered yet. Create your first one →

Register New App

You'll receive a Client ID and optional Secret to use with the Cobinar SDK

App identity

Shown on the Cobinar consent screen when users sign in to your app

App name *

Homepage URL *

Description

App icon URL

At least 64×64 px — shown on the consent screen

Redirect URIs *

Exact URIs Cobinar may redirect to after sign-in. No wildcards allowed.

Requested scopes

Only request what your app actually needs — users see every scope on the consent screen

openid

Required

profile

Name + photo

@cobinar.com

dob

Date of birth

offline_access

Refresh token

App type

Application type

Web apps receive a Client Secret. SPAs use PKCE and don't get a secret.

Authorized Origins (optional)

Domains allowed to initiate OAuth with this client. If empty, all origins are permitted. Add your production and staging URLs to prevent misuse if the Client ID is ever exposed.

🧪 Just want to test?

Create a disposable 24-hour test client that works with localhost — no registration form needed.

App Registered ✓

Save your credentials — the Client Secret is shown only once

⚠️ Copy your Client Secret now. It will not be shown again. If lost, rotate it from your app settings.

Your App

Use these in your server-side token exchange

Client ID

—

Client Secret (save now)

—

Approved scopes

—

How to receive the token in your app

Cobinar uses standard OAuth 2.0 + PKCE. Here's the full flow:

① Redirect the user to Cobinar

https://auth.cobinar.com/oauth/authorize
  ?response_type=code
  &client_id=YOUR_CLIENT_ID
  &redirect_uri=https://yourapp.com/callback
  &scope=openid%20profile%20email
  &state=RANDOM_STRING

User sees the Cobinar sign-in screen and the consent page.

② Cobinar redirects back to your app with a code

https://yourapp.com/callback?code=AUTH_CODE&state=YOUR_STATE

Read ?code from the URL in your callback page/route.

③ Exchange the code for tokens (server-side)

POST https://auth.cobinar.com/oauth/token
Content-Type: application/json

{
  "grant_type": "authorization_code",
  "code": "AUTH_CODE",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_SECRET",
  "redirect_uri": "https://yourapp.com/callback"
}

Do this on your backend — never expose the client_secret in the browser.

④ Response contains the tokens

{
  "access_token": "...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "id_token": "eyJ...",      ← JWT with name, email, uid
  "scope": "openid profile email"
}

⑤ Get user info anytime

GET https://auth.cobinar.com/oauth/userinfo
Authorization: Bearer ACCESS_TOKEN

Returns { uid, email, name, picture, cobinarEmail }.

Using the Cobinar SDK instead

<script src="https://auth.cobinar.com/sdk/cobinar-auth.js"></script>
<script>
  const auth = new CobinarAuth({
    clientId: 'YOUR_CLIENT_ID',
    redirectUri: window.location.origin + '/callback',
  });

  // Sign in
  const user = await auth.signIn();
  console.log(user.email, user.uid);

  // The SDK handles the code exchange automatically.
  // In your callback page, just call:
  await auth.handleCallback();
</script>

The SDK catches the ?code in the URL and exchanges it for you. No backend needed for SPAs.

KYD Verification

Know Your Developer — makes users trust your app on the consent screen

Why verify?

Without verification, your app shows an ⚠️ Unverified app warning — the same warning Google shows for unverified OAuth apps. Verified apps show your name, logo, and domain with a ✓ Verified badge, which dramatically increases user trust and approval rates.

Verification steps

✓

Your Cobinar account is already linked. Done.

Developer / company info

Shown on the consent screen so users know who is requesting access

Full name

Company (optional)

Country

Contact email

Domain ownership

Prove you own your app's domain by adding a TXT record

Identity document (optional — unlocks Verified badge)

Upload a government ID or business registration. Reviewed within 24–48 hours.

📄

Click to upload · PDF, JPG, or PNG · max 10 MB

Embed Guide

Add "Sign in with Cobinar" to any site in minutes

Method 1 — Drop-in (zero config)

One script tag, one div. The SDK auto-renders the button on load.

<!-- Load once, anywhere in your page -->
<script src="https://auth.cobinar.com/sdk/cobinar-auth.js" defer></script>

<!-- Place wherever you want the button -->
<div
  data-cobinar-signin
  data-client-id="YOUR_CLIENT_ID"
  data-scope="openid profile email"
  data-callback="onSignIn"
  data-theme="dark"
  data-size="lg"
></div>

<script>
  function onSignIn(result) {
    // Send result.code to your server to exchange for tokens
    console.log('Auth code:', result.code);
  }
</script>

Method 2 — Programmatic

Full control — trigger sign-in from any button or event.

<script src="https://auth.cobinar.com/sdk/cobinar-auth.js"></script>
<script>
  CobinarAuth.init({
    clientId: 'YOUR_CLIENT_ID',
    scope:    'openid profile email',
    onSuccess(result) {
      // POST result.code to your server
      fetch('/api/auth', { method:'POST', body:JSON.stringify({code:result.code}) });
    },
    onError(err) { console.error(err); }
  });

  CobinarAuth.renderButton('#myDiv', { theme:'dark', size:'lg' });
  // Or trigger from any click:
  document.getElementById('btn').addEventListener('click', () => CobinarAuth.signIn());
</script>

Method 3 — Direct redirect (no SDK)

Build the URL yourself — works in PHP, Rails, plain HTML, anything.

<!-- Link to this URL -->
<a href="https://auth.cobinar.com/oauth/authorize
  ?response_type=code
  &client_id=YOUR_CLIENT_ID
  &redirect_uri=https://myapp.com/auth/callback
  &scope=openid profile email
  &state=RANDOM_STATE">Sign in with Cobinar</a>

// Server-side: exchange the code (Node.js)
const tokens = await fetch('https://auth.cobinar.com/oauth/token', {
  method: 'POST',
  body: new URLSearchParams({
    grant_type:    'authorization_code',
    code:          req.query.code,
    redirect_uri:  'https://myapp.com/auth/callback',
    client_id:     process.env.COBINAR_CLIENT_ID,
    client_secret: process.env.COBINAR_CLIENT_SECRET,
  })
}).then(r => r.json());

Button options

Attribute / Option	Values	Default
data-theme	dark · light · accent	dark
data-size	sm · default · lg · xl	default
data-mode	signin · signup	signin
data-label	any string	Sign in with Cobinar