Foundation Platform · In Production

Koder ID

Cloud-native IAM with OIDC, OAuth2, MFA, passkeys, brute-force protection, and SSO. The identity backbone for every product in the Koder ecosystem.

# OIDC Discovery
GET /.well-known/openid-configuration

# Authorization Code + PKCE
GET /oauth/v2/authorize
  ?response_type=code
  &client_id=my-app
  &code_challenge=S256
  &redirect_uri=https://app.example.com/cb

# Token exchange
POST /oauth/v2/token
  client_id=my-app
  code=auth_code_here
  code_verifier=pkce_verifier

# Userinfo
GET /oidc/v1/userinfo
Authorization: Bearer <access_token>

# JWKS (public keys for JWT validation)
GET /oauth/v2/keys

Features

Identity for the Koder Stack.

🔐

OIDC / OAuth2

Full OpenID Connect and OAuth 2.0 with Authorization Code + PKCE, Client Credentials, and Refresh Token flows. RS256 JWT access tokens with a JWKS endpoint.

🔑

MFA & Passkeys

TOTP, WebAuthn/FIDO2 passkeys (hardware-backed, passwordless), and email/SMS OTP. Pluggable MFA stack per user or org policy.

🌐

Single Sign-On

One login for the entire Koder ecosystem. OIDC SSO across all products — users sign in once and access everything.

🏢

Multi-Tenant

Tenant resolution by subdomain, custom domain, or header. Tenant-isolated user pools, policies, and configurations.

🛡️

Security First

Argon2id password hashing, brute-force protection, rate limiting, CORS, password strength policies, and client secret hashing.

🔄

Session Management

Hybrid sessions: JWT access tokens (15 min) + stateful refresh tokens (30 days). Token rotation, reuse detection, and active session listing.

👤

User Management

Full CRUD API for users, groups, and roles. Admin console, self-service profile and password, and email verification.

🔧

Developer-First API

Clean RESTful API, introspection, revocation, dynamic client registration, and admin bootstrap endpoints.

📊

Observability

Prometheus metrics, structured JSON logs via zerolog, a health-check endpoint, and distributed tracing.

How It Compares

What you get with Koder ID vs the usual stack.

Koder IDAuth0KeycloakOkta
OIDC / OAuth2
PKCE (mandatory for public clients)
WebAuthn / Passkeys
Koder ecosystem SSO
Multi-tenant native (no Enterprise tier)
Microservice architecture
No per-MAU pricing
KDB storage backend

One identity layer. Every Koder product.

Native, fast, and built for the Koder Stack — not a third-party integration.

Get Started