For developers and orgs
Sign in with UmmahPassport.
Drop-in OIDC-compatible SSO for any app. Same user experience as “Sign in with Google” — without the ad surveillance machinery sitting behind it. Privacy-first by charter, not by marketing copy.
- ProtocolOAuth 2.0 + OpenID Connect
- Discovery.well-known/openid-configuration
- PKCESupported (S256)
- Compatible withAuth.js · oidc-client-ts · passport · MSAL
- CostFree during pilot
- Setup time~10 minutes
Why switch from Google / Apple / Microsoft / Meta
Four reasons it’s worth ten minutes of config.
01
Same user experience, structurally better privacy
Your users click a button, sign in, and come back authenticated. Exactly like Google/Facebook from a UX perspective. The difference lives in what happens to their data behind the scenes — see the privacy comparison below.
02
Drop-in OIDC compliance
If your framework already supports 'Sign in with Google,' it supports us. Auth.js / NextAuth, passport-openidconnect, oidc-client-ts, MSAL, Spring Security OAuth — all read the same .well-known discovery document. Set one config field, ship.
03
A trust story your users actually want to hear
Telling your users 'we use Google for login' increasingly registers as a downgrade signal in privacy-conscious communities. Telling them 'we use UmmahPassport — funded by Muslims, charter-locked against ad surveillance' is a positive trust signal you can advertise on your landing page.
04
Network effect across the projects
Every UmmahPassport user has a passport that already works on Ihsan Standard, NoorMap, and the rest of the projects in the network. Your app becomes one more dot they can connect to with the account they already have.
How it works
OIDC, the standard one.
Four steps. The same four steps every OIDC provider implements, because there’s only one specification. If you’ve integrated Google Sign-In before, you’ve done this.
1
Register your app
Open the developer portal, register your app, get a client_id and client_secret. Add your callback URLs (must be HTTPS in production).
2
Add a 'Sign in with UmmahPassport' button
Standard OIDC: GET https://ummahpassport.com/sso/authorize?client_id=YOUR_ID&redirect_uri=…&state=…&scope=openid email profile. The user signs in on our domain, we redirect back to your callback with an auth code.
3
Exchange the code for tokens
Your server POSTs to /api/sso/token with the code, client_id, client_secret. Get back access_token + id_token. The id_token is a signed JWT carrying { sub, email, email_verified, exp, iat }.
4
Use the access token (optional)
GET /api/sso/userinfo with Bearer token returns the profile. Or you can just trust the id_token claims directly — the cryptographic signature is the verification.
// Sign in with UmmahPassport using Auth.js (NextAuth)
import NextAuth from "next-auth";
export const { handlers } = NextAuth({
providers: [
{
id: "ummahpassport",
name: "UmmahPassport",
type: "oidc",
issuer: "https://ummahpassport.com",
clientId: process.env.UMMAHPASSPORT_CLIENT_ID,
clientSecret: process.env.UMMAHPASSPORT_CLIENT_SECRET,
// We accept client_secret_post (not Basic). PKCE is also
// enabled by default in Auth.js v5, and we support S256.
client: { token_endpoint_auth_method: "client_secret_post" },
},
],
});Same shape works with passport-openidconnect (Node), Authlib (Python), Pac4j (Java), MSAL (.NET), Spring Security OAuth, oidc-client-ts, msal-browser, etc. The discovery document at /.well-known/openid-configuration is the same one OIDC libraries already know how to read.
Standards & compliance
Everything OIDC says, and a charter that says more.
- ✓
OIDC Core 1.0
Authorization Code flow with PKCE. Standards-compliant.
- ✓
OAuth 2.0 (RFC 6749)
Token endpoint, refresh tokens, scopes.
- ✓
JWT id_tokens (RS256)
Signed JWTs with public-key verification via JWKS endpoint.
- ✓
PKCE (RFC 7636)
S256 challenge method for public clients (mobile, SPAs).
- ✓
GDPR by design
Data minimization, right to delete, EU data residency option.
- ✓
SOC 2 Type II
Roadmap, mid-2026 target. Independent control auditor named when engaged.
Add UmmahPassport to your app