Getting Started

Quick integration guide to set up OAuth2 with Thalamus in 4 steps

🎯 What is Thalamus?

Thalamus is a centralized OAuth2 authentication service built for modern applications. It enables any application to authenticate users without implementing their own login system.

Single Sign-On (SSO): One login for all your apps

OAuth 2.0 Compliant: Industry standard protocol

Multi-Factor Authentication: Enhanced security with MFA

Production Ready: Battle-tested and secure

🚀 Integration in 4 Steps

  0. Super Admin creates Admin API Key: One-time per service/vertical
  1. Your service self-registers as OAuth2 Client: Get client_id + client_secret
  2. Configure OAuth2 in your application: Implement authentication flow
  3. Users authenticate via Thalamus: Login → Token → Access to your app

Step 0

Obtain Admin API Key

Who: Thalamus super admin
When: Once per service/vertical
Result: API Key for service self-registration

A super admin creates an Admin API Key through the dashboard or API:

Create API key via dashboard or API with name, description, and scopes (clients:write, clients:read).

Important: Save the api_key securely. It's shown only once!

Step 1

Register as OAuth2 Client

Who: Your development team
When: Once during initial setup
Result: client_id + client_secret

Your service registers as an OAuth2 client using the Admin API Key:

Use the Admin API Key to POST to /api/clients with: name, organization_id, client_type, redirect_uris, grant_types, and scopes. See the Integration Guide for complete examples.

Save these credentials in your environment variables:

OAUTH2_CLIENT_ID=client_abc123...
OAUTH2_CLIENT_SECRET=secret_xyz789...
OAUTH2_REDIRECT_URI=https://myapp.com/auth/callback
OAUTH2_AUTHORIZE_URL=https://thalamus.example.com/oauth/authorize
OAUTH2_TOKEN_URL=https://thalamus.example.com/oauth/token

Step 2

Configure OAuth2 in Your App

Implement the OAuth2 Authorization Code flow in your application:

  1. Redirect user to /oauth/authorize with client_id, redirect_uri, scope, and state
  2. Handle callback at your redirect_uri with the authorization code
  3. Exchange code for tokens at /oauth/token
  4. Store tokens securely (httpOnly cookies recommended)

See the Integration Guide for complete code examples in Node.js, Python, PHP, and more.
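
Steps 1 to 3 of the list above, as an added example (not Thalamus's own code and not taken from the Integration Guide): it builds the authorize redirect with a one-time state, validates the callback, and prepares the token request without sending it. The configuration values are constructed samples; the `profile` scope, the dict-like session, the standard OAuth 2.0 values `response_type=code` and `grant_type=authorization_code`, and sending the client credentials in the form body are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values, shaped like the environment variables above.
CONFIG = {
    "client_id": "client_abc123",
    "client_secret": "secret_xyz789",
    "redirect_uri": "https://myapp.com/auth/callback",
    "authorize_url": "https://thalamus.example.com/oauth/authorize",
    "token_url": "https://thalamus.example.com/oauth/token",
}


def begin_login(session, scope="profile"):  # scope value is an assumption
    """Create a one-time state, bind it to the session, return the redirect URL."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": CONFIG["client_id"],
        "redirect_uri": CONFIG["redirect_uri"],
        "scope": scope,
        "state": state,
    }
    return CONFIG["authorize_url"] + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Validate the callback and return (token_url, form) for the code exchange."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds no state
    received = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: forged or replayed callback")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    if len(query.get("code", [])) != 1:
        raise ValueError("expected exactly one authorization code")
    form = {
        "grant_type": "authorization_code",
        "code": query["code"][0],
        "redirect_uri": CONFIG["redirect_uri"],  # must match the authorize request
        "client_id": CONFIG["client_id"],
        "client_secret": CONFIG["client_secret"],  # server-side only
    }
    return CONFIG["token_url"], form
```

POST the returned form to the token URL from your backend, so the client_secret never reaches the browser.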

See the Integration Guide for examples in other languages and frameworks.

Step 3

Users Authenticate

Your users can now authenticate through Thalamus! The flow works like this:

  1. User clicks "Login" in your app
  2. They're redirected to the Thalamus login page
  3. User enters credentials (with optional MFA)
  4. Thalamus redirects back with an authorization code
  5. Your app exchanges the code for an access token
  6. User is now authenticated!

Done! Your application is now integrated with Thalamus OAuth2.

📚 Next Steps