Documentation

Complete guide to using the LaunchDarkly OAuth Framework

📚 Table of Contents

Getting Started

• Overview
• Quick Start
• Prerequisites

Features

• OAuth Client Creation
• Testing OAuth Flows
• Code Samples
• Client Management

🎯 Overview

The LaunchDarkly OAuth Framework is designed to simplify the process of building applications that integrate with LaunchDarkly's OAuth authentication system. It provides:

Easy OAuth Client Creation: Web interface for creating OAuth clients without API calls
Development Callback Server: Built-in callback handling for development and testing
Code Samples: Ready-to-use code examples in multiple languages
Client Management: Tools for updating redirect URLs and managing OAuth clients
Testing Tools: Integrated testing interface for OAuth flows

⚡ Quick Start

1. Create a New OAuth Client

Navigate to the Create Client page
Enter your LaunchDarkly API token (requires Admin privileges)
Provide a name for your OAuth client
Choose redirect URL configuration (framework or custom)
Click "Create OAuth Client"

2. Test the OAuth Flow

After creation, click "Test OAuth Flow"
You'll be redirected to LaunchDarkly's authorization page
Complete the authorization process
Verify the callback handling works correctly

3. Get Code Samples

Visit the Templates page
Choose your preferred programming language
Copy the code sample with your credentials pre-filled
Integrate into your application

📋 Prerequisites

LaunchDarkly Account

Active LaunchDarkly account with Admin privileges
API token with Admin permissions for OAuth client management
Understanding of OAuth 2.0 flow concepts

Development Environment

Modern web browser with JavaScript enabled
For custom redirect URLs: HTTPS endpoint (localhost won't work)
For production: Deployed application with HTTPS callback endpoint

🔧 OAuth Client Creation

Redirect URL Configuration

Option 1: Use Framework as Callback Server

✅ No need to expose localhost to internet
✅ Works immediately for development
⚠️ Need to update OAuth client redirect URL later

Option 2: Provide Custom Redirect URL

✅ Direct control over callback handling
✅ No need to update OAuth client later
⚠️ Requires HTTPS endpoint (localhost won't work)
⚠️ Need to set up your own callback server

🧪 Testing OAuth Flows

The framework provides comprehensive testing tools to verify your OAuth implementation:

Session Management: Automatic storage and retrieval of OAuth credentials
Authorization URL Generation: Properly formatted URLs for OAuth initiation
Callback Handling: Built-in callback processing and token exchange
Token Storage: Secure storage of access tokens for testing
Error Handling: Comprehensive error reporting and debugging

📝 Code Samples

The framework provides ready-to-use code samples in multiple programming languages:

Node.js

Express.js implementation with axios for HTTP requests

Python

Flask implementation with requests library

cURL

Manual OAuth flow using command-line tools

⚙️ Client Management

Advanced tools for managing your OAuth clients:

Client Listing: View all your OAuth clients with details
Redirect URL Updates: Update redirect URLs for production deployment
Client Information: View client IDs, creation dates, and current settings
Copy Functions: Easy copying of client IDs and URLs

💡 Best Practices

Security

Always use HTTPS in production environments
Store client secrets securely and never expose them in client-side code
Implement proper token storage and refresh mechanisms
Use state parameters to prevent CSRF attacks

Development Workflow

Start with framework callback server for development
Test OAuth flows thoroughly before production deployment
Update redirect URLs when moving to production
Monitor OAuth client usage and rotate secrets regularly

🆘 Need Help?

If you encounter issues or need assistance:

Check the LaunchDarkly OAuth Documentation
Review the LaunchDarkly API Reference
Use the debug tools in the framework for troubleshooting
Contact LaunchDarkly support for account-specific issues