OAuth 2.0 / OIDC Server
Status: [To Build] — This feature is not yet implemented. The content below describes the planned design.
Leadmetrics will act as an OAuth 2.0 authorization server and OpenID Connect identity provider, allowing external tools and partner integrations to authenticate users via Leadmetrics and access the API on their behalf.
Planned Use Cases
| Use case | Flow |
|---|---|
| A partner agency tool embeds Leadmetrics and requests an access token on behalf of a user | Authorization Code + PKCE |
| A CLI tool or server-side integration authenticates as itself (no user) | Client Credentials |
| An Enterprise tenant’s corporate SSO (Azure AD, Okta) manages all Leadmetrics users | OIDC federation |
| A third-party reporting tool fetches campaign data via the Leadmetrics API | Authorization Code |
Planned Flows
- Authorization Code + PKCE (user-facing integrations)
- Client Credentials (server-to-server)
- Refresh Token
- Token Introspection
- JWKS / Discovery endpoints
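As an added illustration of the first planned flow (example code, not Leadmetrics code), here is the PKCE half of Authorization Code + PKCE in stdlib Python: the client-side verifier/challenge pair and the server-side check a token endpoint runs, with codes consumed once and the weaker "plain" method refused. `AuthorizationServer`, `issue_code` and `exchange_code` are hypothetical names.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed, stdlib-only sketch of the PKCE checks in Authorization Code + PKCE
# (RFC 7636). Names below are hypothetical; this is not Leadmetrics code.
VERIFIER_CHARS = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)

def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 mandates."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def make_code_verifier() -> str:
    """Client side: high-entropy verifier (32 random bytes -> 43 chars)."""
    return b64url(secrets.token_bytes(32))

def make_code_challenge(verifier: str) -> str:
    """Client side: S256 challenge sent with the /authorize request."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

class AuthorizationServer:
    """Hypothetical server-side store of issued authorization codes."""

    def __init__(self) -> None:
        self._codes = {}  # code -> {"client_id": ..., "challenge": ...}

    def issue_code(self, client_id: str, challenge: str, method: str) -> str:
        """/authorize: bind the S256 challenge to a fresh single-use code."""
        if method != "S256":
            raise ValueError("only S256 is accepted; 'plain' is rejected")
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"client_id": client_id, "challenge": challenge}
        return code

    def exchange_code(self, code: str, client_id: str, verifier: str) -> bool:
        """/token: consume the code once, then check the verifier against it."""
        entry = self._codes.pop(code, None)  # pop: a replayed code never matches
        if entry is None or entry["client_id"] != client_id:
            return False
        if not 43 <= len(verifier) <= 128 or set(verifier) - VERIFIER_CHARS:
            return False  # malformed verifier (RFC 7636 section 4.1)
        expected = make_code_challenge(verifier)
        return hmac.compare_digest(expected, entry["challenge"])
```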
Current State
The current auth system is a custom JWT implementation (HS256) for the three web portals. HS256 is a symmetric scheme: verifying a token requires the same secret that signed it, so those tokens cannot be checked by external clients through the planned JWKS endpoint without handing out the signing secret; an external-facing server would sign with an asymmetric key pair and publish only the public half. Exposing the current system as a standards-compliant OAuth 2.0 / OIDC server for external clients is planned but not built.
See Auth Overview for the current implementation.