Concepts
Sign-in flow.
VibeID sign-in is a small loop: request, consent, sign, callback, verify, then create a browser session.
- 1. Your server creates and stores a short-lived
signin.v1challenge. - 2. The browser opens a
vibe-id://signdeep link or shows it as a QR code. - 3. The user approves the request in VibeID.
- 4. VibeID posts the result to your HTTPS callback endpoint.
- 5. Your server verifies the signature over the stored challenge and maps the DID to a local account.
Sign-in flow
1
Browser
Create request
Calls your Next.js route to create a short-lived sign-in challenge.
2
App server
Store challenge
Stores the original challenge by request ID and returns a VibeID deep link.
3
Browser
Show QR
Renders the deep link as a QR code and starts polling request status.
4
VibeID
User approves
Scans the QR code, shows the origin, and asks the user to approve signing.
5
VibeID
Callback
Posts DID, signature, algorithm, and request ID to your callback route.
6
App server
Verify proof
Verifies the signature over the stored challenge and creates a browser session.