Identity Provider &
Authorization Server

A private, standards-compliant OIDC layer for the wilsoon.dev ecosystem. Built for stateless authentication using RS256 asymmetric signing and WebAuthn.

Endpoint Reference

Authorize & Consent/api/authorize, /api/consentGET/POST

Token Exchange/api/tokenPOST_ONLY

User Info / Profile/api/userinfoGET_BEARER

JWKS Discovery/api/jwksPUBLIC_GET

Technical Architecture

Protocols

OIDC 1.0
OAuth 2.0
PKCE (RFC 7636)

Cryptography

RS256 (RSA_SIGN_2048)
SHA-256
AES-GCM-256

Session Policy

Rotating Refresh Tokens
Family-Chain Detection

Persistence

PostgreSQL (Core)
Redis (Stateless Invalidation)

Identity Provider & Authorization Server

Endpoint Reference

Technical Architecture

Identity Provider &
Authorization Server