OAuth2 and OpenID Connect authorization flows
OAuth2 · OIDC · Passkeys · Multi-tenancy
A tenant-aware authorization server for modern apps.
OpenIssuer gives each business its own issuer host while keeping client management, users, roles, and passkey MFA in one focused platform.
free.openissuer.comIssuer
→
OIDC ClientRedirect + PKCE
→
Passkey MFAStep-up security
{ "tenant_id": "free.openissuer.com", "scope": ["openid", "profile"] }Capabilities
Built around real authorization workflows.
Host-based tenant issuer resolution
Business issuer and OAuth client management
Passkey MFA built into the sign-in flow
User, role, organization, and default-tenant management
Kubernetes-ready services with tenant-aware routing
For small businesses
Launch a business issuer without building identity from scratch.
A business can create an issuer, add users, create OAuth clients, and connect apps through standard OIDC flows while keeping tokens scoped to that business host.
- A business signs up and gets a tenant issuer host.
- Admins create OAuth clients and manage users.
- Applications redirect users to the matching issuer.
- OpenIssuer returns tenant-scoped tokens and claims.
Platform
Designed as a working authorization system.
The project uses Spring Boot 4, Spring Security, PostgreSQL, Kubernetes Gateway API, and tenant-aware service routing to support real deployment and testing.