identity and trustpackages/iam/oauth-server

oauth-server package

Stand up your own OAuth 2.1 / OIDC provider. Authorization code + PKCE, refresh rotation, third-party app consent, JWT issuance with 1h default TTL.

Open docs

Stability: Stable
Scope: Tenant-scoped
Boundary: packages/iam/oauth-server
Owners: @nebutra/iam

oauth-serverpackages/iam/oauth-server

Tenant-isolated

Policy decisionpass

Actor verified
x
13 ms
Tenant scope
x
8 ms
oauth-server authorized
x
24 ms
Audit logged
x
12 ms

Active session

actor_epglobex_5907

servicemfa

Expires in 54m

Active sessions

156

+1%

Audit entries / day

16,272

Policy checks / s

132

+5%

packages/iam/oauth-serverIdentity and trust · single boundary

Usageoauth-server.ts

typescript

oauth-server.ts

1import { oauthServer } from "@nebutra/oauth-server";
2
3// Tenant-scoped, audit-logged by default.
4await oauthServer.check({
5  actor: getCurrentActor(),
6  tenantId: org.id,
7});

More in domain · identity and trustView domain

auditPackage

packages/iam/audit

Hash-chained, SHA-256 append-only audit log for actor/tenant actions. SOC 2-grade tamper detection, streaming export, and replay-safe queries.

Explore

authPackage

packages/iam/auth

Multi-provider auth — Clerk, Better Auth, or NextAuth. Same React surface, swap providers via preset config. MFA-enforced, session HMAC-signed.

Explore

captchaPackage

packages/iam/captcha

Bot challenge with Cloudflare Turnstile / hCaptcha / reCAPTCHA behind one verify() call. Server-side scoring, per-route enable, no third-party tracker on the client.

Explore

identityPackage

packages/iam/identity

Shared actor primitive — usr_/svc_/api_ ID space, role/membership lookup, tenant attachment. The single identity object every iam package reads.

Explore

oauth-server packagepackage

oauth-server package