Sign in with KRDPASS (App-to-App): Getting Started

This page walks you through everything you need before writing app code: requesting access, installing the SDK, and getting your backend running.

Step 1: Request Access

KRDPASS access is approval-based. Email integration@pass.krd with the details below.

What you submit:

Field	Example
Organization / team	DIT Payments Team
Application name	Citizen Benefits Mobile
Access stage	development, production, or both
Preferred clientId (optional)	citizen-benefits-mobile-bff
Scopes	openid profile citizen_identity offline_access
Redirect URI	https://app-link.example.com/_krdpass/oauth/callback
Android: package name + SHA-256 fingerprint	com.example.myapp + AF:39:67:...:04:BB
iOS: bundle ID + Team ID	com.example.myapp.ios + AB3456789K
Tester emails (for dev access)	qa@company.example
Security contact	security@company.example

What is "Redirect URI"?

This is your app-launch callback URL (an iOS Universal Link), not your backend API URL. Example: https://app-link.example.com/_krdpass/oauth/callback

Copy-paste email template

Subject: KRDPASS onboarding request - [organization] - [application]

Hello KRDPASS Integration Team,

Please onboard our application:

- Organization:
- Application name:
- Access stage: development / production / both
- Preferred clientId (optional):
- Use case summary:
- Scopes:
- Redirect URI(s):
- Android apps (package + SHA-256 + tester emails):
- iOS apps (bundle ID + Team ID + tester emails):
- Security contact:
- Technical contact:

Thanks.

What you'll receive:

• clientId and clientSecret (shared over secure channel)
• Approved scopes and access stage
• Credential policy instructions

WARNING

clientSecret must stay on your backend. Never ship it in a mobile app.

Step 2: Generate Your RSA Key Pair

Your backend signs requests with a private key. The public key is shared during onboarding.

# Generate private key (stays on your server)
openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:2048

# Extract public key (submit during onboarding)
openssl rsa -pubout -in private-key.pem -out public-key.pem

Step 3: Clone & Install the SDK

Clone the repository

git clone https://github.com/ditkrg/krdpass-auth-sdk.git

Recommended folder layout:

your-app/
krdpass-auth-sdk/

Install your platform SDK

Flutter — path (recommended)

dependencies:
  krdpass_auth_flutter:
    path: ../krdpass-auth-sdk/packages/krdpass_auth_flutter

Flutter — git

dependencies:
  krdpass_auth_flutter:
    git:
      url: https://github.com/ditkrg/krdpass-auth-sdk.git
      path: packages/krdpass_auth_flutter
      ref: main

Android — settings.gradle.kts

includeBuild("../krdpass-auth-sdk/packages/krdpass_auth_android") {
    dependencySubstitution {
        substitute(module("krd.pass:krdpass-auth")).using(project(":library"))
    }
}

iOS — SPM

Xcode -> File -> Add Package Dependencies... -> Add Local...
Select: ../krdpass-auth-sdk/packages/krdpass_auth_ios

iOS — CocoaPods

pod 'KrdpassAuth', :path => '../krdpass-auth-sdk/packages/krdpass_auth_ios'

React Native

npm install ../krdpass-auth-sdk/packages/krdpass_auth_react_native

Android: also add to app/build.gradle.kts

dependencies {
    implementation("krd.pass:krdpass-auth:1.0.0")
}

React Native: build fallback

If npm install scripts are disabled:

cd ../krdpass-auth-sdk/packages/krdpass_auth_react_native
npm run build

Step 4: Set Up Your Backend

The SDK repo includes a Node.js reference server at examples/server.

Quick setup

cd examples/server
cp .env.example .env

Fill in your .env:

Variable	Example	Notes
CLIENT_ID	your-client-id	From onboarding
CLIENT_SECRET	your-secret	From onboarding, server-side only
RSA_PRIVATE_KEY	-----BEGIN PRIVATE KEY-----\n...	Escaped PEM format
HOST	127.0.0.1	Local default
PORT	3000	Local default
ALLOWED_REDIRECT_HOSTS	app-link.example.com	Recommended

Convert PEM key to .env format

awk 'NF {sub(/\r/,""); printf "%s\\n",$0;}' private-key.pem

Then paste into .env:

RSA_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"

Start and verify

npm install
npm start
curl http://localhost:3000/health

You should get a healthy response. Your backend is ready.

Step 5: Readiness Checklist

Before moving to the SDK guide, confirm:

• Redirect URI finalized and registered with KRDPASS
• App metadata submitted (Android package + SHA-256 and/or iOS bundle + Team ID)
• RSA key pair generated, public key submitted
• Backend .env configured and server starts
• curl /health returns a healthy response

Next Step

→ SDK Integration Guide — Write the auth flow in your app