Identity & access
Authentication and authorisation infrastructure. OAuth 2.0 / OIDC provider with full discovery, JWT issuance, per-product subscription gating.
OIDC provider
- OAuth 2.0 / OIDC provider with full discovery (.well-known/openid-configuration).
- JWKS endpoint for downstream JWT verification.
- Standard authorization_code flow with PKCE.
- Refresh-token rotation.
JWT issuance
- Configurable claim sets per audience.
- Per-product scope gating (subscription tier, role).
- Short-lived access tokens, longer-lived refresh tokens.
Subscription gating
- Per-product gating embedded in token claims.
- Downstream services authorise based on token claims.
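Added example, not the product's own code: how a downstream service might verify a token against the published JWKS and only then gate on a per-product claim. The `products` claim layout, tier names, issuer URL and `kid` are assumptions; the key pair and tokens are constructed for the demo.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify } from "node:crypto";

// Hypothetical claim layout (not from the page): `products` maps product id -> tier.
type Claims = { iss: string; aud: string; exp: number; products?: Record<string, string> };

const ISSUER = "https://idp.example.test";   // constructed issuer URL
const TIERS = ["free", "pro", "enterprise"]; // assumed tier ordering, lowest first

// Demo-only issuer side: a throwaway key pair and the JWKS a provider would publish.
const { privateKey, publicKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const JWKS = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "demo-1" }] };

const b64u = (s: string): string => Buffer.from(s).toString("base64url");

// Demo-only: mint an RS256 token so the verifier below has something to check.
function mint(claims: Claims, kid: string = "demo-1"): string {
  const input = `${b64u(JSON.stringify({ alg: "RS256", typ: "JWT", kid }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${sign("sha256", Buffer.from(input), privateKey).toString("base64url")}`;
}

function decode(part: string): any {
  try { return JSON.parse(Buffer.from(part, "base64url").toString("utf8")); } catch { return null; }
}

// Downstream check: verify first, then gate on the product claim.
// Returns "allow" or a deny reason.
function authorise(token: string, audience: string, product: string, minTier: string,
                   now: number = Date.now() / 1000): string {
  const parts = token.split(".");
  if (parts.length !== 3) return "deny: malformed";
  const [h, p, s] = parts as [string, string, string];
  const header = decode(h);
  const claims: Claims | null = decode(p);
  if (!header || !claims) return "deny: malformed";
  // Pin the algorithm on the verifier side; the header only selects the key.
  if (header.alg !== "RS256") return "deny: alg";
  const jwk = JWKS.keys.find((k) => k.kid === header.kid);
  if (!jwk) return "deny: unknown kid";
  const key = createPublicKey({ key: jwk, format: "jwk" });
  if (!verify("sha256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"))) return "deny: signature";
  // Claims are trusted only after the signature has been checked.
  if (claims.iss !== ISSUER || claims.aud !== audience) return "deny: iss/aud";
  if (typeof claims.exp !== "number" || claims.exp <= now) return "deny: expired";
  const tier = claims.products?.[product];
  if (tier === undefined || TIERS.indexOf(tier) < TIERS.indexOf(minTier)) return "deny: entitlement";
  return "allow";
}
```

In a real deployment the JWKS would be fetched from the provider's discovery document and cached, and `aud` may be an array rather than a single string.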
Tech stack
OAuth 2.0, OIDC, JWT, JWKS, PKCE, TOTP / 2FA, Argon2, RBAC, SSO, Hono, Bun, Filament 3, TypeScript
Standards
RFC 6749, RFC 7519 (JWT), OpenID Connect Core, OWASP ASVS V3