OpenID Connect Provider

Build And Run OIDC Flow End To End

I built this auth server to understand OAuth 2.0 and OpenID Connect by implementing app registration, sign-in, sign-up, code exchange, token refresh, user info, logout, and token revoke.

What It Supports

Authorization Code Flow
ID token, access token, refresh token
OIDC discovery and JWKS endpoints
User profile endpoint and client registration

How The Flow Works

Client app registers and gets credentials from /admin.
User signs in through hosted authentication page.
Client receives code on redirect URI and exchanges at /auth/token.
Client calls /user/userinfo and refreshes token when needed.

Discovery Metadata

Clients can read one JSON document to learn every OIDC endpoint this provider exposes.

Open JSON

Discovery /.well-known/openid-configuration

Authorize /auth/authenticate

Token /auth/token

JWKS /.well-known/jwks.json

User Info /user/userinfo

Logout /auth/logout

Try It Practically

Try the OIDC flow in action with real client apps. Sign up once and use the same credentials everywhere.

Current Limitations

No signing key rotation yet.
No advanced abuse/rate-limit layer yet.
Public client + PKCE hardening is not complete.

Inspired And Taught By

This project is part of my hands-on learning journey with OAuth 2.0 and OpenID Connect. Thanks to the teachers and builders whose content helped me understand the concepts and turn them into working code.

Teacher Piyush Garg Teacher Hitesh Choudhary