One third-party client
MdsAppClient handles the redirect, PKCE, app keys, pairwise tokens, token refresh, and authenticated vault requests.
Quick start
Ask for consent, receive an isolated app lockbox, and store end-to-end encrypted data without seeing the user's MDS identity or vault keys.