Cloud-native IAM with OIDC, OAuth2, MFA, passkeys, brute-force protection, and SSO. The identity backbone for every product in the Koder ecosystem.
# OIDC Discovery GET /.well-known/openid-configuration # Authorization Code + PKCE GET /oauth/v2/authorize ?response_type=code &client_id=my-app &code_challenge=S256 &redirect_uri=https://app.example.com/cb # Token exchange POST /oauth/v2/token client_id=my-app code=auth_code_here code_verifier=pkce_verifier # Userinfo GET /oidc/v1/userinfo Authorization: Bearer <access_token> # JWKS (public keys for JWT validation) GET /oauth/v2/keys
Identity for the Koder Stack.
Full OpenID Connect and OAuth 2.0 with Authorization Code + PKCE, Client Credentials, and Refresh Token flows. RS256 JWT access tokens with a JWKS endpoint.
TOTP, WebAuthn/FIDO2 passkeys (hardware-backed, passwordless), and email/SMS OTP. Pluggable MFA stack per user or org policy.
One login for the entire Koder ecosystem. OIDC SSO across all products — users sign in once and access everything.
Tenant resolution by subdomain, custom domain, or header. Tenant-isolated user pools, policies, and configurations.
Argon2id password hashing, brute-force protection, rate limiting, CORS, password strength policies, and client secret hashing.
Hybrid sessions: JWT access tokens (15 min) + stateful refresh tokens (30 days). Token rotation, reuse detection, and active session listing.
Full CRUD API for users, groups, and roles. Admin console, self-service profile and password, and email verification.
Clean RESTful API, introspection, revocation, dynamic client registration, and admin bootstrap endpoints.
Prometheus metrics, structured JSON logs via zerolog, a health-check endpoint, and distributed tracing.
What you get with Koder ID vs the usual stack.
| Koder ID | Auth0 | Keycloak | Okta | |
|---|---|---|---|---|
| OIDC / OAuth2 | ✓ | ✓ | ✓ | ✓ |
| PKCE (mandatory for public clients) | ✓ | ✓ | ✓ | ✓ |
| WebAuthn / Passkeys | ✓ | ✓ | ✓ | ✓ |
| Koder ecosystem SSO | ✓ | — | — | — |
| Multi-tenant native (no Enterprise tier) | ✓ | — | ✓ | — |
| Microservice architecture | ✓ | — | — | — |
| No per-MAU pricing | ✓ | — | ✓ | — |
| KDB storage backend | ✓ | — | — | — |
Native, fast, and built for the Koder Stack — not a third-party integration.
Get Started