You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3-19Lines changed: 3 additions & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,9 +24,9 @@ Code snippets from these samples are extracted automatically and embedded in the
24
24
2. Copy `.env.example` (or the framework's equivalent like `local.example.properties` for Android, `Config.example.xcconfig` for iOS) to the real filename and fill in your CIAM workspace's client ID, issuer URL, redirect URI, and scopes.
25
25
3. Follow the sample's own `README.md` for run instructions and any framework-specific setup (Node version, JDK, Xcode, Android SDK, etc.).
26
26
27
-
## ⚠️ Not production-ready
27
+
## Before you ship
28
28
29
-
These samples illustrate **one** working approach to integrating each framework with CIAM. They are intentionally minimal — small enough to read end-to-end and copy into a new project — and deliberately skip concerns that any real-world deployment must address, including (but not limited to):
29
+
These samples are intentionally minimal — small enough to read end-to-end — and skip concerns that real deployments need to address, including:
30
30
31
31
- Hardening against the full OAuth/OIDC and SAML threat models (replay protection, token binding, audience/issuer validation beyond the library defaults, key rotation, etc.)
32
32
- Comprehensive input validation and error handling
@@ -37,7 +37,7 @@ These samples illustrate **one** working approach to integrating each framework
37
37
- Localization, accessibility, theming, and broader UX
38
38
- Build, packaging, signing, and release pipelines
39
39
40
-
Treat the code as a starting point for your own implementation. Before deploying anything derived from these samples, review the relevant SecureAuth product documentation and conduct your own security review against the threat model that applies to your application. The samples are provided **AS IS** under the terms of the [LICENSE](LICENSE), without warranty of any kind.
40
+
Treat the code as a starting point. Review the relevant SecureAuth product documentation and run your own security review before shipping. Provided **AS IS** under the [LICENSE](LICENSE).
Each sample is self-contained — its own build file, no shared library code — so copying a sample into your own project is a single directory move.
59
59
60
-
## How samples are structured
61
-
62
-
Source files have `@snippet:stepN:start` and `@snippet:stepN:end` markers around the lines that matter for that step. The extraction script in `scripts/` collects these into `snippets.json` for the dashboard. A per-framework `manifest.yaml` (e.g. `samples/react/manifest.yaml`) declares which scenarios the framework supports and what config rows the dashboard should display.
63
-
64
-
## Adding a new sample
65
-
66
-
1. Create `samples/<framework>/<flow>/` with a minimal working app
67
-
2. Tag relevant source lines with `@snippet:stepN:start/end` and `@description` comments
68
-
3. Add an entry under `scenarios:` in the framework's `manifest.yaml`
69
-
4. Run `cd scripts && yarn all` to regenerate `snippets.json` + `snippet-manifest.yaml` and validate the structure
70
-
5. Open a PR — per-framework CI workflows build the sample and confirm extraction stays consistent
71
-
72
-
## CI
73
-
74
-
Per-framework test workflows live in [.github/workflows/](.github/workflows/). Each workflow is path-aware: a PR only runs the matrix entries for samples whose subtree actually changed. Each workflow ends with a stable `<Framework> tests passed` aggregator job that's suitable for required-status-check gating.
75
-
76
60
## Reporting issues
77
61
78
62
- Bugs and feature requests: [open an issue](../../issues/new).
0 commit comments