Skip to main content

Quick Start Guide

Get your application integrated with Mubarokah ID OAuth 2.0 authentication in just a few steps. This guide will have you up and running in under 10 minutes.

Prerequisites

Before you begin, make sure you have:

Application Registration

Contact Mubarokah ID to register your application and get your credentials

HTTPS Endpoint

Your redirect URI must use HTTPS in production

Step 1: Get Your Credentials

After registering with Mubarokah ID, you’ll receive:
  • Client ID: Your application’s unique identifier
  • Client Secret: Keep this secure on your server
  • Redirect URI: Where users return after authentication

Step 2: Install Dependencies

Choose your preferred framework and install the necessary packages: 
composer require guzzlehttp/guzzle

Step 3: Environment Configuration

Set up your environment variables:
.env
MUBAROKAH_CLIENT_ID=your_client_id_here
MUBAROKAH_CLIENT_SECRET=your_client_secret_here
MUBAROKAH_REDIRECT_URI=https://yourapp.com/auth/callback
MUBAROKAH_BASE_URL=https://mubarokah.id

Step 4: Implement the OAuth Flow

Authorization Request

Redirect users to Mubarokah ID for authentication: 
const authUrl = new URL('https://mubarokah.id/oauth/authorize');
authUrl.searchParams.set('response_type', 'code');
authUrl.searchParams.set('client_id', process.env.MUBAROKAH_CLIENT_ID);
authUrl.searchParams.set('redirect_uri', process.env.MUBAROKAH_REDIRECT_URI);
authUrl.searchParams.set('scope', 'view-user');
authUrl.searchParams.set('state', generateSecureState());

// Redirect user
res.redirect(authUrl.toString());

Handle the Callback

Exchange the authorization code for tokens: 
app.get('/auth/callback', async (req, res) => {
  const { code, state } = req.query;
  
  // Verify state parameter
  if (!verifyState(state)) {
    return res.status(400).send('Invalid state');
  }

  try {
    // Exchange code for tokens
    const tokenResponse = await axios.post('https://mubarokah.id/oauth/token', {
      grant_type: 'authorization_code',
      client_id: process.env.MUBAROKAH_CLIENT_ID,
      client_secret: process.env.MUBAROKAH_CLIENT_SECRET,
      code: code,
      redirect_uri: process.env.MUBAROKAH_REDIRECT_URI
    });

    const { access_token } = tokenResponse.data;
    
    // Get user info
    const userResponse = await axios.get('https://mubarokah.id/api/user', {
      headers: { Authorization: `Bearer ${access_token}` }
    });

    // Handle successful login
    req.session.user = userResponse.data;
    res.redirect('/dashboard');
  } catch (error) {
    res.status(500).send('Authentication failed');
  }
});

Step 5: Test Your Integration

  1. Start your application
  2. Navigate to your login page
  3. Click “Login with Mubarokah ID”
  4. Complete the authentication flow
  5. Verify you receive user data

Next Steps

Security Best Practices

Learn essential security measures for production

Framework Integration Guides

Detailed examples for Laravel, Node.js, and Python

User Permissions & Scopes

Understanding different access levels

API Reference

Complete API documentation

Common Issues

Ensure your redirect URI exactly matches what’s registered with Mubarokah ID, including the protocol (https://) and any trailing slashes.
Double-check your MUBAROKAH_CLIENT_ID and MUBAROKAH_CLIENT_SECRET environment variables. Make sure there are no extra spaces or characters.
Implement proper state validation to prevent CSRF attacks. Store the state in the user’s session and verify it matches on callback.

Support

Need help? Contact our support team at [email protected] or join our WhatsApp community.