IRAS Proxy Auth Service Documentation (Public)
This page is publicly accessible and shows how developers can integrate Sign in with IRAS using the IRAS Proxy Auth Service.
Integration Flow
- Redirect the user to the login page:
https://iras-auth.pages.dev/login?redirect_uri=<YOUR_CALLBACK_URL>
- User logs in with IRAS credentials.
- Auth service fetches IRAS token and basic student info.
- User is redirected back to your
redirect_uriwith query parameters.
Returned Parameters
| Parameter | Description |
|---|---|
| token | IRAS access token (expires periodically) |
| studentId | Student ID |
| studentName | Full name |
| departmentName | Department |
| degreeName | Degree |
Demo Integration
Sample Implementation
<!-- HTML + JS example -->
<!DOCTYPE html>
<html>
<head>
<title>IRAS Auth Demo</title>
</head>
<body>
<button id="loginBtn">Sign in with IRAS</button>
<script>
document.getElementById("loginBtn").addEventListener("click", () => {
const redirectUri = window.location.href;
const authUrl = new URL("https://iras-auth.pages.dev/login");
authUrl.searchParams.set("redirect_uri", redirectUri);
window.location.href = authUrl.toString();
});
// After redirect, extract token and student info
const params = new URLSearchParams(window.location.search);
const token = params.get("token");
if (token) {
console.log("IRAS token:", token);
console.log("Student info:", {
studentId: params.get("studentId"),
studentName: params.get("studentName"),
departmentName: params.get("departmentName"),
email: params.get("email")
});
}
</script>
</body>
</html>Security Guidelines
- Always use HTTPS for redirect URIs.
- Whitelist redirect URIs to prevent open redirect attacks.
- Do not log or expose the token publicly.
- Handle token expiration; users may need to log in again.