HubID — Dev Dashboard

Integration Guide

Add HubID authentication to your service in 3 steps.

1 Register your client

INSERT INTO oauth_clients (id, client_id, client_name, redirect_uris, client_type, created_at)
VALUES (gen_random_uuid(), 'my-app', 'My App', '{"https://myapp.com/callback"}', 'public', now());

2 Redirect to HubID for login

// Generate PKCE pair
const verifier = crypto.randomUUID() + crypto.randomUUID();
const challenge = btoa(String.fromCharCode(
  ...new Uint8Array(await crypto.subtle.digest('SHA-256',
    new TextEncoder().encode(verifier)))
)).replace(/\+/g,'-').replace(/\//g,'_').replace(/=+$/,'');

// Store verifier for step 3
sessionStorage.setItem('pkce_verifier', verifier);

// Redirect
window.location = `https://hubid.io/oauth/authorize?` +
  new URLSearchParams({
    response_type: 'code',
    client_id:     'my-app',
    redirect_uri:  'https://myapp.com/callback',
    scope:         'openid profile email',
    state:         crypto.randomUUID(),
    code_challenge: challenge,
    code_challenge_method: 'S256',
  });

3 Exchange code for tokens

// On your /callback page, extract ?code= and exchange it:
const resp = await fetch('https://hubid.io/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  credentials: 'include',
  body: new URLSearchParams({
    grant_type:    'authorization_code',
    code:          new URLSearchParams(location.search).get('code'),
    client_id:     'my-app',
    redirect_uri:  'https://myapp.com/callback',
    code_verifier: sessionStorage.getItem('pkce_verifier'),
  }),
});

const { access_token, id_token } = await resp.json();
// access_token = RS256 JWT (15 min) — send as Bearer header
// id_token     = RS256 JWT — user profile claims
// refresh_token is set as httpOnly cookie automatically

Verify tokens Validate JWT signature using JWKS at https://hubid.io/.well-known/jwks.json

Get user info GET https://hubid.io/oauth/userinfo with Authorization: Bearer {access_token}

Refresh tokens POST https://hubid.io/oauth/token with grant_type=refresh_token (cookie sent automatically)

Discovery Full OIDC config at /.well-known/openid-configuration

Registered Users (1)

Name	Email	Providers	Verified	Created
Alex Zen	[email protected]	google	yes	2026-04-10 09:58

OAuth Clients (2)

Client ID	Name	Type	Redirect URIs
`calypso`	Calypso AI Companion	public	https://calypso.zncr.pro/auth/callback
`uncensoredhub`	UncensoredHub.ai	public	https://uncensoredhub.ai/api/auth/callback

Active Sessions

1 active session(s) in Redis

Quick Links

Login Page Register Page Profile Page OIDC Discovery JWKS

Test OIDC Flow

Open the test SPA to simulate a full Authorization Code + PKCE flow.

Open Test SPA

1

SPA generates PKCE pair & redirects to /oauth/authorize

2

HubID shows login (email, Google, Telegram)

3

After auth, HubID redirects back with ?code=XXX

4

SPA exchanges code for tokens via POST /oauth/token

5

SPA receives access_token (JWT) + id_token + refresh_token (cookie)

Endpoints

Method	Path	Purpose
GET	`/.well-known/openid-configuration`	OIDC Discovery
GET	`/.well-known/jwks.json`	Public keys
GET	`/oauth/authorize`	Authorization endpoint
POST	`/oauth/token`	Token exchange
POST	`/oauth/revoke`	Revoke refresh token
GET	`/oauth/userinfo`	User info (Bearer)
GET	`/auth/google/start`	Google OAuth2 start
POST	`/auth/telegram/webapp`	Telegram WebApp auth
GET	`/connect/telegram`	Telegram → Web link