OIDCFlow

OpenID Connect Identity Provider

Identity built for everyone.

OIDCFlow is an open identity provider. Users get one secure account. Companies integrate OIDC in minutes. Built to the spec, designed for learning.

Who is this for?

Two ways to get started

Whether you are a user looking for a secure login experience or a company wanting to delegate identity, OIDCFlow has you covered.


For Users

Create a personal account and use it to sign in to any application that integrates with OIDCFlow. One identity, every connected app.

  • Single sign-on across all connected apps
  • Secure, bcrypt-hashed password storage
  • Manage your profile and connected services
  • Grant and review app access

For Companies & Developers

Register your application and let OIDCFlow handle user authentication. Get a client ID, set redirect URIs, and integrate in minutes.

  • OAuth 2.0 Authorization Code Flow with PKCE
  • Standards-compliant OIDC discovery & JWKS
  • Back-channel logout for secure session termination
  • RS256-signed JWT tokens out of the box

Features

What OIDCFlow provides

A complete, spec-compliant OIDC identity provider. Every endpoint you need, every security primitive built in.

OIDC .well-known/openid-configuration

OIDC Discovery

Spec-compliant discovery document advertising all endpoints, signing algorithms, supported scopes, and claim types. Auto-detectable by any OIDC library.

/oauth/authorize

Authorization Code Flow

Full OAuth 2.0 Authorization Code Flow with mandatory PKCE (S256). Redirect users to OIDCFlow; receive a short-lived code back at your URI.

PKCE /oauth/token

PKCE & Token Exchange

Proof Key for Code Exchange (RFC 7636) blocks interception attacks. Exchange your code + verifier for access, ID, and refresh tokens.

JWT RS256 signed

Signed JWT Tokens

RS256-signed access tokens and ID tokens. Public keys published via JWKS so any service can independently verify tokens without calling back.

SSO /oauth/userinfo

Single Sign-On & Userinfo

Users authenticate once and access all connected apps seamlessly. Call the userinfo endpoint with any valid access token to fetch profile claims.

backchannel_logout_uri

Back-channel Logout

Server-to-server logout notifications via signed logout tokens. When a user signs out, every connected app is notified instantly — no polling needed.

grant_type=refresh_token

Refresh Token Rotation

Opaque refresh tokens with automatic rotation on each use. Revocation on logout cleans up all tokens for the user+client pair simultaneously.

REG /company/register

Client Registration

Register your app as an OAuth client in seconds. Receive a client ID, configure redirect URIs, and optionally set a back-channel logout endpoint.

BFF /login/start

BFF Session Pattern

Built-in Backend-For-Frontend flow: tokens stay server-side, the browser only holds an HttpOnly session cookie. Zero token leakage to JavaScript.

Integration guide

From zero to tokens

Four steps to add OIDCFlow login to your application.

1. Register your app

POST to /company/register with your app name, redirect URI, and admin credentials. Receive your client_id.

2. Redirect to OIDCFlow

Send users to /authorize with your client_id, a PKCE code challenge, and a redirect_uri.

3. User authenticates

Users sign in with their OIDCFlow account and grant consent for the requested scopes: openid profile email.

4. Exchange for tokens

POST to /oauth/token with your code and PKCE verifier. Receive access, ID, and refresh tokens. Call /oauth/userinfo to get claims.

Developer Tools

Dashboard

Manage your profile, view registered apps, and control your active session.


Register App

Register your app as an OAuth client and receive your client ID instantly.


OIDC Discovery

Inspect the discovery document, JWKS, and all endpoints this IdP exposes.
