A fully custom OAuth 2.0 authorization server with PKCE support, RSA-signed JWTs, and multi-tenant identity management.
Built for security
OAuth 2.0 + PKCE
Authorization code flow with Proof Key for Code Exchange — safe for public clients including SPAs and mobile apps. No client secrets required.
RSA-2048 Signed Tokens
Short-lived access tokens (15 min) signed with RSA-2048 private keys. Resource servers verify authenticity via the public JWKS endpoint.
Multi-tenant Identity
Tenant-isolated user accounts with role-based access control. Each tenant registers its own OAuth applications independently.
TOTP / MFA
Time-based one-time passwords with backup codes. Tenant admins can enforce MFA as a mandatory login requirement.