Integrate Scanit with your app
Use Scanit as your identity + QR entry layer. We issue short‑lived RS256 JWTs, expose a JWKS for verification, and support domain allowlists and one‑time JTI replay protection.
SSO flow
302 Location: https://yourapp.com/sso/callback?token=JWT&state=...
Header: { "alg": "RS256", "kid": "key-1" }
Claims: { "iss": "https://scanitlabs.com", "aud": "app:yourapp", "sub": "anon", "aid": "1", "app": "yourapp", "qid": "01HZ...", "sid": "123", "exp": 60 }
Verification
- Fetch JWKS: /.well-known/jwks.json
- Verify RS256 signature, aud, and exp
- Optional: POST jti to /api/sso/consume to prevent replay
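
The verification steps above, as an added example for a Node.js callback handler (not Scanit's own code). The function names, the iss check, the assumption that jti travels as a token claim, and the in-memory set standing in for the POST to /api/sso/consume (whose request shape the page does not give) are all assumptions; the key pair and token are constructed locally.

```javascript
// Added example: constructed keys and token; nothing here contacts Scanit.
const crypto = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Demo-only helper: sign a token as an issuer would (RS256 = RSASSA-PKCS1-v1_5 + SHA-256).
function signToken(privateKey, kid, claims) {
  const input = b64u(JSON.stringify({ alg: 'RS256', kid })) + '.' + b64u(JSON.stringify(claims));
  return input + '.' + crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url');
}

const seenJti = new Set(); // assumption: local stand-in for the one-time consume call

function verifyToken(token, jwks, { iss, aud, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url'));
  // Pin the algorithm; the token header must never choose it ("none", HS256 confusion).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  const ok = crypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Claims are read only after the signature has been verified.
  const c = JSON.parse(Buffer.from(parts[1], 'base64url'));
  if (c.iss !== iss) throw new Error('wrong iss');
  if (c.aud !== aud) throw new Error('wrong aud');
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('expired');
  if (c.jti) { // replay protection is optional on the page; applied when a jti is present
    if (seenJti.has(c.jti)) throw new Error('replayed jti');
    seenJti.add(c.jti);
  }
  return c;
}

// Constructed demo: throwaway key pair published as a one-key JWKS under kid "key-1".
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'key-1' }] };
  const now = 1700000000; // fixed clock so the result is reproducible
  const claims = { iss: 'https://scanitlabs.com', aud: 'app:yourapp', sub: 'anon',
    jti: 'demo-1', exp: now + 60 };
  return { jwks, privateKey, now, claims, token: signToken(privateKey, 'key-1', claims) };
}
```

In a real handler the JWKS would be fetched from /.well-known/jwks.json and cached, and the jti set would live in shared storage so every app instance sees the same consumed values.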