OAuth 2.0 & OpenID Connect

Add secure authentication to your application in minutes.

A complete identity provider with Authorization Code Flow, RS256 JWTs, JWKS endpoint, and token refresh. Production-ready and open.

Authorization URL
GET /o/authorize
  ?response_type=code
  &client_id=your-client-id
  &redirect_uri=https://yourapp.com/callback
  &scope=openid+profile+email
  &state=random-state-value

Everything you need for modern auth

Built on open standards so your application stays portable and secure.

Authorization Code Flow

The most secure OAuth 2.0 grant type. Keeps tokens out of the browser and supports PKCE for public clients.

OpenID Connect

Identity layer on top of OAuth 2.0. UserInfo endpoint, discovery document, and ID tokens with standard claims.

RS256 JWT Tokens

Asymmetric signing with RSA and SHA-256 (RS256). Access tokens are verifiable by any party that has your public key.

JWKS Endpoint

Serve your public signing keys at /.well-known/jwks.json so any service can verify tokens without secrets.

UserInfo Endpoint

Fetch profile data on demand. Returns name, email, and verification status from a standard Bearer-token call.

Refresh Tokens

Keep users signed in with long-lived refresh tokens. Exchange them for fresh access tokens without re-authentication.

From zero to authenticated in three steps

Integrate secure, standards-based login into any application — in any language or framework.

Create an Application

Register your project in the AuthForge dashboard. Configure your allowed redirect URLs and instantly receive a Client ID and Client Secret — your application's credentials for the OAuth flow.


Add Sign In with AuthForge

Redirect users to AuthForge's hosted sign-in page. We handle the authentication flow using OAuth 2.0 and OpenID Connect — compatible with any OIDC client library or custom integration.

GET /o/authorize
  ?response_type=code
  &client_id=your-client-id
  &redirect_uri=https://yourapp.com/callback
  &scope=openid+profile+email
  &state=random-state-value

Authenticate Users Securely

Once the user signs in, AuthForge redirects back to your app with a short-lived code. Exchange it server-side to receive a signed access token, verified identity claims, and a refresh token — everything you need to trust and maintain the session.

{
  "access_token": "eyJhbGciOiJSUzI1NiJ9…",
  "refresh_token": "8f9a2b3c4d5e6f7a…",
  "token_type": "Bearer",
  "expires_in": 3600
}
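The client side of steps two and three, as an added example that is not AuthForge's own code: it builds the /o/authorize redirect with a per-login state value and a PKCE challenge, then rejects any callback whose state does not match the session before handing back the parameters for the server-side exchange. The host name authforge.example, the function names, and the use of the standard RFC 7636 parameter names (code_challenge, code_challenge_method, code_verifier) are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumptions (not from the AuthForge page): placeholder issuer host, and
# PKCE carried in the standard RFC 7636 parameter names.
AUTHORIZE_ENDPOINT = "https://authforge.example/o/authorize"

def pkce_challenge(verifier: str) -> str:
    """S256 challenge: base64url(SHA-256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def begin_login(client_id: str, redirect_uri: str):
    """Return (redirect URL, values to keep in the server-side session)."""
    pending = {
        "state": secrets.token_urlsafe(32),          # binds callback to this session
        "code_verifier": secrets.token_urlsafe(64),  # 86 chars, within 43..128
        "redirect_uri": redirect_uri,
    }
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": pending["state"],
        "code_challenge": pkce_challenge(pending["code_verifier"]),
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", pending

def finish_login(callback_url: str, pending: dict) -> dict:
    """Validate the callback; return the form fields for the token exchange."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch: callback not bound to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return {"grant_type": "authorization_code", "code": codes[0],
            "redirect_uri": pending["redirect_uri"],
            "code_verifier": pending["code_verifier"]}
```

Store `pending` server-side (keyed by the user's session) and discard it after one use, so a replayed callback fails the state check.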

Built for developers, not just for ops

Standard OIDC Discovery

Auto-configure any OIDC-compatible library with the discovery document at /.well-known/openid-configuration.

No Dependencies on Frontend

Token exchange happens server-to-server. Your client secret never touches the browser.

Stateless Access Tokens

RS256 JWTs can be verified offline by any service with your public key — no database round-trip per request.

Multiple Applications

Register as many apps as you need. Each gets its own Client ID and secret — clean separation of access.

Single Sign-On Ready

One user account, many applications. The same identity works across every registered client.

Token Refresh Built In

30-day refresh tokens keep users signed in smoothly without interrupting them for credentials.

Ready to add secure login?

Register your application and start the OAuth flow in under five minutes.