Self-hosted, multi-tenant OAuth2/OpenID Connect authentication platform.Production-grade identity layer for your applications.
Isolate users, clients, and configurations per tenant with independent realms. Each realm operates as a fully separate identity provider.
Standards-compliant OAuth 2.0 and OpenID Connect flows including Authorization Code with PKCE, Client Credentials, and Refresh Tokens.
Let users sign in with Google, GitHub, Apple, Microsoft, and other identity providers via federated OAuth2 connectors.
Support WebAuthn/Passkeys, magic links, and one-time codes for a frictionless, phishing-resistant sign-in experience.
Define roles and fine-grained permissions. Assign them to users and enforce access control across your applications.
Programmatically manage users, clients, realms, and roles through a comprehensive RESTful API with M2M authentication.