UseThatApp Documentation
Add "Sign in with UseThatApp" and live licensing to your web application over standard OpenID Connect. UseThatApp is an OpenID Provider: users sign in with their UseThatApp account, and your app reads their live plan from the entitlement API — so you can ship free, Pro, and Enterprise experiences from a single codebase.
How It Works
One OpenID Connect login (OAuth 2.0 authorization code + PKCE) gives you two things at once — identity and the live plan:
- Sign in. Your app sends the user to UseThatApp with
begin_login/beginLogin. They authenticate, then UseThatApp redirects back to your registered callback with a one-time code, which you exchange for tokens viacomplete_login/completeLogin. You get a stable, per-app, privacy-preservingsub(no PII). - Read the plan. Whenever you need to gate features, call
get_entitlement/getEntitlementwith the access token. It's always authoritative — a canceled license stops being entitled immediately.
The usethatapp SDK is a confidential, server-side client — it holds your client secret and validates ID tokens, so it never runs in the browser. See Sign in with UseThatApp for the full integration.
Quick Example
Sign the user in, then read their live entitlement whenever you need it:
Python
from usethatapp import begin_login, complete_login, get_entitlement
# In /login — send the user to UseThatApp:
auth_url, flow_state = begin_login()
session["uta_flow"] = flow_state
return redirect(auth_url)
# In /callback — exchange the code for tokens:
s = complete_login(
code=request.args["code"],
state=request.args["state"],
flow_state=session.pop("uta_flow"),
)
session["uta_access_token"] = s.access_token
# Anywhere you gate features:
ent = get_entitlement(session["uta_access_token"])
if ent.entitled and ent.product_id == "<your-pro-product-id>":
... # serve paid contentJavaScript
import { beginLogin, completeLogin, getEntitlement } from "usethatapp";
// In /login — send the user to UseThatApp:
const { authorizationUrl, flowState } = await beginLogin();
req.session.utaFlow = flowState;
res.redirect(authorizationUrl);
// In /callback — exchange the code for tokens:
const s = await completeLogin({
code: req.query.code,
state: req.query.state,
flowState: req.session.utaFlow,
});
req.session.utaAccessToken = s.access_token;
// Anywhere you gate features:
const ent = await getEntitlement(req.session.utaAccessToken);
if (ent.entitled && ent.product_id === "<your-pro-product-id>") {
// serve paid content
}Why UseThatApp?
One Login, Two Capabilities
A single OpenID Connect sign-in gives you both identity (a per-app sub) and the live plan via the entitlement API.
Standards-Based & Private
Plain OAuth 2.0 / OpenID Connect with PKCE. Identity is a pairwise pseudonymous sub — no email, no PII shared.
Any Framework
Framework-agnostic SDK with tested examples for Flask, Django, FastAPI, Express, Next.js, and more.
Supported Frameworks
Choose your language to see the full list of framework guides, or jump straight to the Quick Start.
