QOC Cloud

Applications

Create and manage OAuth applications

Overview

Applications in QOC Cloud Console are OAuth 2.0 clients that enable secure authentication and authorization for your services. Each application receives unique credentials to integrate with QOC Cloud APIs.

Creating an Application

From the sidebar, click Applications or use the Create Application shortcut on your dashboard.

Click New Application

Click the New Application button in the top right corner.

Fill Application Details

Provide the following information:

Basic Information

  • Name: A descriptive name for your application
  • Description: Brief explanation of the application's purpose

Configuration

  • Application Type:

    • Web Application: For server-side web apps
    • Single Page Application (SPA): For client-side apps
    • Mobile App: For iOS/Android applications
    • Service/API: For backend services

  • Redirect URIs: List of allowed redirect URLs after authentication

    • One URI per line
    • Must use HTTPS in production (HTTP allowed for localhost)
    • Supports wildcards for subdomains

Save and Get Credentials

After creating the application, you'll receive:

  • Client ID: Public identifier (safe to expose)
  • Client Secret: Private key (keep this secure!)

Client Secret Security

Never commit your Client Secret to version control or expose it in client-side code. Store it securely as an environment variable.

Application List

The Applications page displays all your OAuth applications in a grid or list view.

Application Card

Each application card shows:

  • Application Name
  • Application Type (badge)
  • Client ID (click to copy)
  • Status: Active, Inactive, or Suspended
  • Created Date
  • Last Used: Timestamp of last API call

Actions

From each application card, you can:

  • View Details: See full application information
  • Edit Settings: Modify configuration
  • View Credentials: Access Client ID and Secret
  • Regenerate Secret: Create a new Client Secret
  • Delete: Remove the application

Application Settings

Click on any application to access detailed settings:

General

  • Name: Change the application name
  • Description: Update the description
  • Icon: Upload a custom application icon
  • Status: Enable or disable the application

Authentication

Redirect URIs

Manage your allowed redirect URIs:

https://yourapp.com/callback
https://app.yourapp.com/auth/callback
http://localhost:3000/callback

Add, edit, or remove URIs as needed. Changes take effect immediately.

Allowed Origins

Configure CORS allowed origins for browser-based applications:

https://yourapp.com
https://app.yourapp.com
http://localhost:3000

Credentials

Client ID

Your public client identifier. Safe to use in client-side code.

Example:

qoc_client_abc123def456ghi789

Copy to Clipboard

Click the copy icon next to the Client ID to copy it to your clipboard.

Client Secret

Your private authentication key. Must be kept secure.

Features:

  • View Secret: Click to reveal (hidden by default)
  • Copy Secret: Copy to clipboard
  • Regenerate: Create a new secret (invalidates the old one)

Regenerating Secret

Regenerating your Client Secret will immediately invalidate the old secret. Update all services using the old secret before regenerating.

SSO Configuration

Configure Single Sign-On settings for your application:

Redirect URIs for SSO

Specific URIs for QOC Login integration:

  • Add URIs where users will be redirected after SSO login
  • Separate configuration from OAuth redirect URIs
  • Supports multiple URIs for different environments

Logout URIs

URLs where users will be redirected after logout:

  • Post-logout redirect URIs
  • Optional but recommended for better UX

Advanced Settings

Token Lifetimes

Configure token expiration times:

  • Access Token Lifetime: Default 3600 seconds (1 hour)
  • Refresh Token Lifetime: Default 2592000 seconds (30 days)
  • ID Token Lifetime: Default 3600 seconds (1 hour)

Grant Types

Enable OAuth 2.0 grant types:

  • Authorization Code: For web and mobile apps (recommended)
  • Refresh Token: For long-lived access
  • Client Credentials: For service-to-service
  • Implicit: Legacy (not recommended)

Security Recommendation

Use Authorization Code grant with PKCE for maximum security, especially for mobile and SPA applications.

Usage Analytics

View detailed analytics for each application:

Request Statistics

  • Total Requests: Lifetime request count
  • Active Users: Current active user sessions
  • Success Rate: Percentage of successful authentications
  • Average Response Time: API performance metrics

Charts and Graphs

Interactive visualizations showing:

  • Requests over time (hourly, daily, weekly)
  • Geographic distribution of users
  • Popular endpoints
  • Error rates and types

Export Data

Export application analytics:

  • CSV: For spreadsheet analysis
  • JSON: For programmatic processing
  • PDF: For reports and presentations

Application Transfer

Transfer application ownership to another team member:

Open Application Settings

Navigate to the application you want to transfer.

Go to Transfer Tab

Click on Transfer Ownership in the settings menu.

Select New Owner

Choose the team member who will become the new owner from the dropdown list.

Confirm Transfer

Enter your password to confirm the transfer. The new owner will be notified via email.

Transfer Implications

After transfer, you will lose owner privileges. The new owner can modify or delete the application. This action cannot be undone.

Deleting an Application

To delete an application:

  1. Navigate to the application settings
  2. Scroll to the Danger Zone section
  3. Click Delete Application
  4. Enter the application name to confirm
  5. Click Permanently Delete

Permanent Action

Deleting an application is permanent and cannot be undone. All associated data, credentials, and configurations will be lost. Active integrations will stop working immediately.

Best Practices

Security

  • ✅ Regenerate secrets periodically (every 90 days recommended)
  • ✅ Use different applications for different environments (dev, staging, prod)
  • ✅ Implement PKCE for public clients
  • ✅ Monitor usage for suspicious activity
  • ❌ Never share Client Secrets via email or chat
  • ❌ Don't hardcode credentials in source code

Organization

  • Give applications descriptive, meaningful names
  • Use consistent naming conventions
  • Document redirect URIs in your application settings
  • Keep application descriptions up to date
  • Remove unused applications to reduce clutter

Performance

  • Cache access tokens until expiration
  • Use refresh tokens for long-lived sessions
  • Implement proper error handling and retry logic
  • Monitor rate limits and usage patterns

Ready to Integrate?

With your application created, you're ready to integrate QOC Cloud authentication into your services.

Dashboard

Overview of your projects and usage metrics

Database

Manage your database tables and data

On this page

OverviewCreating an ApplicationNavigate to ApplicationsClick New ApplicationFill Application DetailsBasic InformationConfigurationSave and Get CredentialsApplication ListApplication CardActionsApplication SettingsGeneralAuthenticationRedirect URIsAllowed OriginsCredentialsClient IDClient SecretSSO ConfigurationRedirect URIs for SSOLogout URIsAdvanced SettingsToken LifetimesGrant TypesUsage AnalyticsRequest StatisticsCharts and GraphsExport DataApplication TransferOpen Application SettingsGo to Transfer TabSelect New OwnerConfirm TransferDeleting an ApplicationBest PracticesSecurityOrganizationPerformance