Standards-first OAuth 2.0 authorization
Hub implements RFC 6749, RFC 9126 (PAR), RFC 7636 (PKCE), and OpenID Connect Core — giving you a battle-tested authorization server you can build on.
Key features
Full RFC compliance
OAuth 2.0, PKCE, PAR, token revocation (RFC 7009), token introspection, and OIDC Core.
Vault-backed signing
JWT signing keys stored in HashiCorp Vault Transit — never on disk.
Multi-tenancy
Isolated authorization contexts per tenant with per-tenant key material.
Spring Authorization Server 7
Built on the reference Spring AS implementation — well-maintained, auditable, extensible.
Use cases
Internal API gateway
Issue and validate tokens for machine-to-machine and user-facing APIs.
Relying party integration
Register OIDC clients and issue ID tokens to your applications.