Receiz Embed

Receiz Login Embed

Copy once, paste anywhere. Set only your Receiz username and ship passkey-first login with a secure Receiz-hosted auth surface.

Public mode enabled. Enter your username and copy the same production snippet.

Deploy Checklist

Create/activate an OIDC client in Receiz Connect.
Set your Receiz username and callback path below.
Copy/paste snippet into any HTML/custom-code slot.
Implement callback token exchange and map users by OIDC `sub`.

Embed Configuration

Receiz usernameCallback pathScope

Callback URI used at runtime: https://receiz.com/auth/receiz/callback

Receiz Login Contract

Passkey-first sign-in on Receiz-hosted authentication UX.
Receiz Key option is available on the Connect login lane.
Magic-link fallback and account auto-provisioning are preserved.
Map users in your app by OIDC `sub`, not mutable email.
Portable state can rehydrate ledger/calendar via Receiz Key import.

Need OIDC credentials first? Use Connect Console.

Copy-Paste HTML Snippet

<div
  class="receiz-login-embed"
  data-username="your_receiz_username"
  data-redirect-path="/auth/receiz/callback"
  data-scope="openid profile email offline_access receiz:record receiz:seal receiz:verify receiz:wallet.read receiz:wallet.transfer receiz:payments.create receiz:payments.read receiz:notes.mint receiz:notes.claim receiz:notes.read"
  data-api-base="https://receiz.com"
></div>
<script src="https://receiz.com/receiz-login-embed.js" async></script>

Server Callback Example

// Node/Express callback example (server side token exchange)
app.get("/auth/receiz/callback", async (req, res) => {
  const code = String(req.query.code || "");
  const state = String(req.query.state || "");
  const clientId = process.env.RECEIZ_CLIENT_ID;
  const clientSecret = process.env.RECEIZ_CLIENT_SECRET || ""; // optional for public clients
  const redirectUri = new URL("/auth/receiz/callback", process.env.APP_ORIGIN).toString();

  // Validate state from sessionStorage/cookie value you set before redirect.

  const params = new URLSearchParams();
  params.set("grant_type", "authorization_code");
  params.set("code", code);
  params.set("redirect_uri", redirectUri);
  params.set("client_id", clientId || "");
  params.set("code_verifier", req.session.receizPkceVerifier);
  if (clientSecret) params.set("client_secret", clientSecret);

  const tokenRes = await fetch("https://receiz.com/api/oidc/token", {
    method: "POST",
    headers: { "content-type": "application/x-www-form-urlencoded" },
    body: params.toString(),
  });
  const tokenJson = await tokenRes.json();

  const userinfoRes = await fetch("https://receiz.com/api/oidc/userinfo", {
    headers: { authorization: `Bearer ${tokenJson.access_token}` },
  });
  const profile = await userinfoRes.json();

  // Upsert your local user by profile.sub (stable identity key).
  res.redirect("/app");
});