Core (Authz)

OAuth 2.0 Authorization Server

The Authentication API is a full-featured OAuth 2.0 server implementation that specializes in secure machine-to-machine (M2M) authentication using the client credentials back channel flow. This flow is optimized for server-side applications that need to securely communicate with APIs without user interaction.

Key Capabilities

As a complete OAuth 2.0 authorization server, the API provides:
  • Token Endpoint: /core/oauth2/token
    Issues access tokens to clients using the client credentials grant type, supporting secure back channel communication
  • Token Introspection: /core/oauth2/introspect
    Validates tokens and returns metadata about their scope and validity
  • Client Management
    Comprehensive endpoints for creating, retrieving, updating, and deleting OAuth client applications with configurable scopes and credentials
  • Basic Authentication
    Alternative authentication method for simpler integration scenarios
  • Standard Discovery
    OpenID Connect discovery endpoints for automated configuration

Getting Started

To use the Authentication API, you'll need valid client credentials (client ID and client secret). To get your credentials, please send an email to hello@neobits.no with details about your integration needs.

For OAuth 2.0 authentication, your server application should:

  1. Request an access token via the back channel using the /core/oauth2/token endpoint with your client credentials
  2. Use that token in the Authorization header for subsequent API requests
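
The two steps above as an added Python example (not code from the Authentication API itself), with the token cached until shortly before it expires. Assumptions: the host in BASE_URL is a placeholder, the server accepts client credentials via HTTP Basic on the token endpoint and returns the standard RFC 6749 fields (access_token, token_type, expires_in), and the names build_token_request, http_send and TokenCache are hypothetical.

```python
import base64, json, time
import urllib.parse, urllib.request

BASE_URL = "https://auth.example.invalid"  # placeholder host (assumption)
TOKEN_PATH = "/core/oauth2/token"          # token endpoint path from the page

def build_token_request(client_id, client_secret, scope=None):
    """Client credentials grant (RFC 6749 section 4.4) as a POST request."""
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope  # space-separated scope names
    # RFC 6749 section 2.3.1: form-encode id and secret, then HTTP Basic.
    pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
    req = urllib.request.Request(BASE_URL + TOKEN_PATH, method="POST",
                                 data=urllib.parse.urlencode(form).encode())
    req.add_header("Authorization", "Basic " + base64.b64encode(pair.encode()).decode())
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req

def http_send(req):
    """Send over TLS (certificate checks on by default) and parse the JSON body."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Fetches a token on demand and reuses it until shortly before expiry."""
    def __init__(self, client_id, client_secret, scope=None,
                 send=http_send, clock=time.monotonic, skew=30):
        self._creds = (client_id, client_secret, scope)
        self._send, self._clock, self._skew = send, clock, skew
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Return the Authorization header for API calls, refreshing if needed."""
        if self._token is None or self._clock() >= self._expires_at:
            body = self._send(build_token_request(*self._creds))
            if str(body.get("token_type", "")).lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            # Refresh `skew` seconds early so a token never expires mid-request.
            lifetime = max(0, int(body.get("expires_in", 0)) - self._skew)
            self._token = body["access_token"]
            self._expires_at = self._clock() + lifetime
        return {"Authorization": "Bearer " + self._token}
```

Load the client secret from a secret store or environment variable at startup rather than from source code, and keep the returned token out of logs.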

Releases

v1.5.0

Improvements

  • Enhanced token payload with additional claims

v1.4.0

Improvements

  • Enhanced caching for better performance

  • Improved error responses with actionable information

v1.3.0

New features

  • Added support for OAuth 2.0 client credentials flow

  • Implemented scope-based authorization

  • Added resource-specific access tokens

Improvements

  • Optimized token validation for reduced latency

  • Enhanced token introspection with additional metadata

v1.2.0

New features

  • Added client management API endpoints

  • Support for client registration and configuration

  • Added ability to revoke tokens

v1.1.0

New features

  • Added support for role-based access control

  • Enhanced token validation with additional security checks

  • Improved error handling with detailed error messages

Improvements

  • Optimized token generation for better performance

  • Enhanced logging for better debugging

v1.0.0

New features

  • Initial release of Core API authorization server

  • Support for basic authentication

  • JWT token issuance with configurable expiration

  • Token introspection endpoint

  • OpenID Connect discovery endpoint

  • JWKS endpoint for public key retrieval