OpenID Connect and OAuth 2.0
MrWhoOidc combines standards-based identity flows, strong administration surfaces, modern client security options, and deployment guidance that is meant to be used, not merely announced.
What it includes
Authorization Code + PKCE, Client Credentials, Refresh Tokens, Token Exchange, Introspection, Revocation.
DPoP, PAR, JAR, JARM, back-channel logout, WebAuthn and passkeys.
Tenant administration, platform administration, rate-limit inspection, audit visibility, CLI support.
Docker Compose overlays, environment templates, demo clients, and public docs.
For teams shipping now
The public repo is structured around three things: deployment guidance, integration examples, and operator-facing documentation. The goal is to shorten the path from evaluation to a working environment.
Default first run: clone MrWho into a persistent folder, generate the local TLS certificate, set POSTGRES_PASSWORD and a temporary BOOTSTRAP_TOKEN, then bootstrap the default tenant and verify tenant-scoped discovery.