Enterprise identity

Your vendor-built authorization server for modern applications

We deliver a production-oriented OpenID Connect and OAuth 2.0 authority on ASP.NET Core, backed by ASP.NET Core Identity and MySQL—so your teams get standards-based sign-in, centralized user and application management, and a single place to govern access across your ecosystem.

Standards-first protocols

OIDC discovery (/.well-known/openid-configuration), JWKS, authorization code flow with PKCE (S256), token and refresh grants, and UserInfo—implemented without third-party “IdentityServer” product licensing; this is your deployable stack.

Users & organization

Employee and individual account types, optional department hierarchy, manager links, rich employee profiles, and role assignments—managed through the built-in administration experience.

OAuth clients in the database

Register confidential or public applications with redirect URIs, allowed scopes, and hashed client secrets (shown once at creation). No client definitions locked in configuration files for day-to-day operations.
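The "hashed, shown once" handling of client secrets described above can be illustrated with a short added example; it is not the vendor's code and makes no claim about the product's internal hashing scheme. It assumes PBKDF2-HMAC-SHA256 with a per-secret random salt and a self-describing stored record, so the plaintext is returned to the registering administrator exactly once and only the record reaches the database:

```python
# Added example (not the product's own code): issue a client secret once,
# persist only a salted PBKDF2 record, and verify presented secrets later
# in constant time. Algorithm and iteration count are assumptions.
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your hardware budget
SALT_BYTES = 16


def hash_client_secret(secret: str, salt: Optional[bytes] = None,
                       iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$dk_hex.
    A fresh random salt is generated unless one is supplied (for verification)."""
    salt = salt if salt is not None else secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"


def issue_client_secret() -> Tuple[str, str]:
    """Registration time: returns (plaintext_shown_once, record_to_store).
    The plaintext is displayed to the admin once and never persisted."""
    plaintext = secrets.token_urlsafe(32)
    return plaintext, hash_client_secret(plaintext)


def verify_client_secret(stored_record: str, presented: str) -> bool:
    """Token-endpoint time: recompute with the stored salt and iteration count,
    then compare digests in constant time. Malformed records verify as False."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored_record.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = hash_client_secret(presented, salt, int(iterations))
    except ValueError:
        return False
    # Compare the whole record so scheme, salt and digest must all match.
    return hmac.compare_digest(expected.encode("ascii"), stored_record.encode("ascii"))


if __name__ == "__main__":
    shown_once, record = issue_client_secret()
    print("give to admin once:", shown_once)
    print("store in database :", record)
    print("verify ok:", verify_client_secret(record, shown_once))
```

Because the record carries its own iteration count, the cost parameter can be raised later for newly issued secrets while existing records still verify; rotating a client means issuing a new secret, not recovering the old one.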

Sign-in experience per application

A single shared login page with per-client branding stored in the database: layout templates (card, centered, split), titles, logo, accent color, and intro copy—resolved from the OAuth client_id during the authorize flow, with caching for performance.

Administration & governance

Role-separated admin areas for applications, users, and departments, protected by ASP.NET Core authorization policies. Seed data can bootstrap an initial administrator and sample OAuth client for development.

Developer-ready surface

Built-in endpoint reference page, discovery and JWKS URLs, and clear separation of projects for sample web and API clients—so integrators can align redirect URIs, scopes, and token usage with your deployment.

What is running here

This host is the authorization server: it issues tokens, exposes OIDC metadata, and hosts interactive sign-in. User passwords are handled by ASP.NET Core Identity; API and web apps in your solution act as relying parties and validate tokens against this authority’s issuer and keys.

  • Endpoints: authorize, token, userinfo, discovery, JWKS (see Protocol reference).
  • Security profile: authorization code + PKCE; refresh tokens when offline_access is granted and allowed for the client.
  • Operational note: signing keys and some token stores are in-process today—plan persistence and scale-out for your production hardening checklist.
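The security profile above (authorization code with PKCE, S256) rests on the client proving at the token endpoint that it started the authorize request. The following added example, which is not part of the product and does not describe its implementation, shows both halves of that check as RFC 7636 defines them: the client's verifier and challenge, and the server-side recomputation that a token endpoint performs against the challenge it stored with the authorization code. The helper names are this example's own:

```python
# Added example (not the vendor's code): PKCE S256 per RFC 7636.
# Client side builds the verifier/challenge; server side recomputes the
# challenge from the presented verifier and compares in constant time.
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding RFC 7636 mandates."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client: high-entropy verifier; 32 random bytes encode to 43 characters,
    the minimum length the RFC allows (maximum is 128)."""
    verifier = b64url(secrets.token_bytes(nbytes))
    if not 43 <= len(verifier) <= 128:
        raise ValueError("verifier length out of RFC 7636 range")
    return verifier


def make_code_challenge(verifier: str) -> str:
    """Client: S256 challenge = base64url(SHA-256(ascii(verifier))), sent on
    /authorize as code_challenge with code_challenge_method=S256."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Server, at /token: reject anything but S256 (no 'plain' downgrade),
    enforce verifier length, recompute and compare in constant time."""
    if stored_method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    expected = make_code_challenge(presented_verifier)
    return hmac.compare_digest(expected.encode("ascii"), stored_challenge.encode("ascii"))


if __name__ == "__main__":
    # Client stores the verifier locally, sends only the challenge on /authorize.
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)
    # Server stores (challenge, "S256") alongside the issued authorization code,
    # then at /token receives the code plus code_verifier and checks it.
    print("challenge:", challenge)
    print("token request accepted:", verify_pkce(challenge, "S256", verifier))
    print("stolen code without verifier:", verify_pkce(challenge, "S256", "A" * 43))
```

The test vector from RFC 7636 Appendix B (verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk`, challenge `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`) is a convenient way to confirm any client library against this authority's S256 handling.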