Authorization, programmable
Integrations
Hub composes with federation members, your IdPs, and every other Thoryn product.
Hub implements pure OAuth2 / OIDC protocol. It composes by delegating authentication to federation members and by integrating with other Thoryn products around identity.
Thoryn catalog composition
Hub + Trust Registry
Pattern: Hub validates ID tokens from federation members against the member's JWKS. Trust Registry is the source of truth for which members are trusted.
Hub + Credential Issuer
Pattern: For user-initiated issuance (auth-code flow), Credential Issuer redirects to Hub for authentication. Hub returns an ID token; the issuer uses the sub claim to bind the credential to the subject.
Hub + Broker
Pattern: Usually independent. An app may require both a valid Hub session (who) and a Broker presentation (proof of attribute). Two audit trails, two decision points.
Hub + federation members (Okta, Azure AD, identity service)
Pattern: Each federation member is OIDC-conformant. Hub redirects to the member for authentication, validates the returned ID token, and issues its own tokens to the client.
Hub + eIDAS Verifier
Pattern: For EUDIW-based authentication, Hub delegates to eIDAS Verifier. The returned ID token carries verified claims — claims your app receives as first-class user attributes.
External IdPs
Any OIDC-conformant IdP works as a federation member: Okta, Azure AD, Google Workspace, Auth0, Keycloak, or a customer-built identity service. SAML-only IdPs (long-tail enterprise) require a SAML-to-OIDC translator as a separate federation member.
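The Hub + Trust Registry and federation-member patterns above come down to one check order: decide whether the issuer is trusted, then verify the ID token against that issuer's JWKS. The sketch below is an added example, not Thoryn code or its API; the registry shape (a Map of issuer to JWKS), the issuer URLs, the client id "hub", and the helper names are all assumptions made for illustration.

```javascript
// Added example: issuers, keys and tokens are constructed; this is not Thoryn's API.
const crypto = require('node:crypto');
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Stand-in for a federation member: holds a key, publishes a JWKS, signs ID tokens.
function makeMember(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid, use: 'sig' }] };
  const sign = (claims) => {
    const input = `${b64u({ alg: 'RS256', kid })}.${b64u(claims)}`;
    return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
  };
  return { jwks, sign };
}

// registry: Map of issuer URL -> JWKS, holding trusted members only (hypothetical shape).
function validateIdToken(token, registry, audience, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s, extra] = token.split('.');
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  // Trust decision first: keys come from the registry entry for iss, never from the token.
  const jwks = registry.get(claims.iss);
  if (!jwks) throw new Error('untrusted issuer');
  // Pin the algorithm so the token header cannot select "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  if (![].concat(claims.aud).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed scenario: one trusted member, one unregistered signer reusing the same kid.
const ISS = 'https://idp.example.test';
const trusted = makeMember('k1');
const rogue = makeMember('k1');
const registry = new Map([[ISS, trusted.jwks]]);
const claimsFor = (iss) => ({ iss, sub: 'user-123', aud: 'hub', exp: Math.floor(Date.now() / 1000) + 300 });

// Returns the failure reason, or 'ok', so the cases can be compared side by side.
const outcome = (token) => {
  try { validateIdToken(token, registry, 'hub'); return 'ok'; } catch (err) { return err.message; }
};
console.log(outcome(trusted.sign(claimsFor(ISS))));
console.log(outcome(rogue.sign(claimsFor(ISS))));
console.log(outcome(rogue.sign(claimsFor('https://rogue.example.test'))));
```

Because the key set is looked up by the registered issuer rather than taken from anything in the token, a signer that is absent from the registry fails whether it claims its own issuer or a trusted one.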