Minimal OAuth2 Provider
A lightweight OAuth2 authorization server with web admin panel
Features
- OAuth2 Flows: Authorization Code (with PKCE), Client Credentials, Refresh Token
- Web Admin Panel: Manage users and OAuth clients
- Token Management: Introspection and revocation endpoints
- OpenID Connect: Userinfo endpoint
OAuth2 Endpoints
| Endpoint | URL | Description |
|---|---|---|
| Authorization | /oauth/authorize | Authorization code request |
| Token | /oauth/token | Token exchange/issuance |
| Introspection | /oauth/introspect | Token introspection (RFC 7662) |
| Revocation | /oauth/revoke | Token revocation (RFC 7009) |
| Userinfo | /oauth/userinfo | User information |
Quick Start
Default admin credentials:
- Username: admin
- Password: admin123
Log in and visit the Admin panel to create OAuth clients and manage users.
Example Authorization Request
GET /oauth/authorize?
response_type=code
&client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URI
&scope=read
&state=random_state_string
&code_challenge=BASE64URL(SHA256(code_verifier))
&code_challenge_method=S256
Example Token Request
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic BASE64(client_id:client_secret)

grant_type=authorization_code
&code=AUTHORIZATION_CODE
&redirect_uri=YOUR_REDIRECT_URI
&code_verifier=CODE_VERIFIER