Overview
Use Lamba as your OIDC provider for tenant-aware authentication.
Step 1: Configure redirect URIs
Add your application callback URLs in the OIDC settings for the project.
Step 2: Set the issuer
Use the issuer URL provided in the Lamba console for your project.
Step 3: Exchange tokens
Use the authorization code flow to request tokens.
POST /oauth/token
Step 4: Validate every token
Validate aud and iss, and rotate client secrets on a regular cadence.
Next steps
- Store client IDs per project.
- Log authentication failures for auditability.
- Keep staging and production in separate projects.