redb.Identity

auth & SSO

Transport-agnostic OAuth 2.1 / OpenID Connect server

An OAuth 2.1 / OpenID Connect server for the redb ecosystem, built on OpenIddict and redb.Route. Every endpoint is a direct-vm:// route — call it over HTTP, gRPC, RabbitMQ, SignalR, or straight from another in-process module with zero network overhead. redb-backed, cluster-ready, standards-compliant. Ships as .tpkg packages for redb.Tsak.

OIDCOAuth 2.1PKCEDPoPPARDCRSCIM 2.0FIDO2Token Exchange
40
RFCs in code
1767
tests (PG·MSSQL·SQLite)
44
HTTP endpoints
79
audit events

What's inside

  • Transport-agnostic: every endpoint is a direct-vm:// route — call it over HTTP / gRPC / RabbitMQ / SignalR, or in-process from another module with zero network overhead.
  • Full OAuth 2.1 / OIDC: Authorization Code + PKCE, Client Credentials, Refresh, Device Code, Token Exchange, PAR, DPoP, Dynamic Client Registration (DCR).
  • SCIM 2.0 provisioning (Users / Groups / Bulk), federation (OIDC / GitHub / LDAP), backchannel logout across replicas.
  • MFA: TOTP (RFC 6238), SMS / Email OTP, WebAuthn / FIDO2, recovery codes.
  • Built on redb typed storage: 24 code-first schemes, no migrations; Postgres / MSSQL / SQLite from one codebase.
  • First-class audit: 79 typed events across 7 categories, with external sinks (Kafka / Elasticsearch / RabbitMQ / log). Cluster-ready; ships as .tpkg for redb.Tsak.

40 RFCs implemented in code

RFC 2898RFC 4226RFC 4514RFC 4515RFC 6238RFC 6265RFC 6585RFC 6749RFC 6750RFC 7009RFC 7230RFC 7231RFC 7232RFC 7234RFC 7235RFC 7515RFC 7517RFC 7519RFC 7521RFC 7523RFC 7591RFC 7592RFC 7636RFC 7638RFC 7643RFC 7644RFC 7662RFC 7693RFC 7800RFC 7807RFC 8176RFC 8252RFC 8259RFC 8414RFC 8417RFC 8628RFC 8693RFC 9126RFC 9449RFC 9457

Docs and examples for this product are coming soon. For now, see GitHub and the README.

← Back to all products