OIDC & OAuth2
Authorization Code Flow with PKCE, Refresh Tokens, ROPC, Token Introspection (RFC 7662), Token Revocation (RFC 7009), and a full OIDC Discovery document.
Autentico
Simple. Safe. Self-hosted. Identity on your terms.
What is Autentico?
Section titled “What is Autentico?”Autentico is a standards-compliant OpenID Connect (OIDC) Identity Provider built with Go. It handles the full authentication lifecycle — login, MFA, passkeys, session management, token issuance, and administration — in a single binary backed by SQLite.
There is no external database to provision, no connection pool to tune, and no infrastructure to manage beyond the binary itself. You run it, point your applications at it, and it works.
Try it live
Section titled “Try it live”A fresh, dedicated Autentico instance is provisioned just for you—Launch a Live Demo →
Each demo session provisions an isolated, ephemeral instance. All data and configuration are automatically purged after 24 hours. No shared state, no persistence, no surprises.
Features
Section titled “Features”Passkeys & MFA
WebAuthn/FIDO2 passkey authentication, TOTP with in-browser QR enrollment, Email OTP, and trusted device recognition to reduce MFA friction on known devices.
Admin UI
A built-in React dashboard for managing users, clients, and sessions. Runtime settings update without restarting the server.
Zero Dependencies
Single Go binary with embedded SQLite. No Postgres, no Redis, no sidecars. Deploy anywhere a binary can run.
Three-Layer Config
Immutable bootstrap settings from .env, runtime settings in the database
(hot-reloadable), and per-client overrides for token TTLs, auth modes, and
more.
Production Ready
RS256 JWT signing, CSRF protection, bcrypt password and secret hashing, account lockout, configurable session idle timeouts, and a background cleanup service.