What is VoxKey
VoxKey is a multi-tenant OAuth2/OpenID Connect authentication platform. It provides a production-grade identity layer for your applications -- comparable to Logto, Auth0, or Keycloak, but self-hosted and focused on simplicity.
Core capabilities
- Multi-tenant Realms -- isolated authentication domains with their own users, keys, and providers
- OAuth2/OIDC -- full compliance with OAuth 2.0 and OpenID Connect standards
- Social Login -- Google, GitHub, Discord, Steam, Yandex out of the box
- Passwordless -- WebAuthn/Passkeys, email codes
- RBAC -- role-based access control with API resources and scopes
- M2M -- machine-to-machine authentication via Client Credentials grant
- MFA -- multi-factor authentication with TOTP and WebAuthn
- Admin Panel -- built-in Filament admin UI for managing realms, users, and applications
- Management API -- REST API for programmatic control of all resources
How it works
Every authentication flow in VoxKey is scoped to a Realm. A realm is an isolated domain with its own users, applications, keys, and providers. You can think of it as a tenant.
Your application integrates with VoxKey via standard OIDC endpoints:
Authorization: /oauth2/{realmUUID}/code
Token: /oauth2/{realmUUID}/token
UserInfo: /oauth2/{realmUUID}/userinfo
JWKS: /oauth2/{realmUUID}/oidc/jwks
Discovery: /oauth2/{realmUUID}/.well-known/openid-configuration
Application types
| Type | Description | PKCE |
|---|---|---|
| Traditional Web | Server-side apps with a client secret | Optional |
| SPA | Single-page apps (React, Vue, Angular) | Required |
| M2M | Backend services, cron jobs | N/A |
Next steps
- Quick Start -- get authentication working in 5 minutes
- Architecture -- understand how realms, OAuth2, and RBAC fit together