# Introduction **Production-ready OAuth 2.0 Server and OpenID Connect 1.0 Provider** Authority is a complete authentication infrastructure built with Crystal, featuring enterprise-grade security and a modern admin dashboard. ## Quick Start Get Authority running in 5 minutes: ```bash # Clone the repository git clone https://github.com/azutoolkit/authority.git cd authority # Start with Docker docker-compose up -d # Visit http://localhost:4000 ``` See [Quick Start Tutorial](https://azutopia.gitbook.io/authority/tutorials/quick-start) for a complete walkthrough. ## Key Features | Category | Features | | ------------------ | ------------------------------------------------------------------------- | | **OAuth 2.0** | Authorization Code, PKCE, Client Credentials, Device Flow, Refresh Tokens | | **OpenID Connect** | ID Tokens, UserInfo, Discovery, JWKS | | **Security** | MFA/TOTP, Account Lockout, Password Policies, Audit Logging | | **Admin** | Client Management, User Management, Scope Configuration, Settings | ## Documentation Overview This documentation is organized using the [Diataxis framework](https://diataxis.fr/): ### [Tutorials](https://azutopia.gitbook.io/authority/tutorials/tutorials) Step-by-step guides for learning Authority: * [Quick Start](https://azutopia.gitbook.io/authority/tutorials/quick-start) - Get running in 5 minutes * [First OAuth Integration](https://azutopia.gitbook.io/authority/tutorials/first-oauth-integration) - Build your first OAuth app * [Protect Your API](https://azutopia.gitbook.io/authority/tutorials/protect-your-api) - Secure your endpoints * [Add User Authentication](https://azutopia.gitbook.io/authority/tutorials/add-user-authentication) - Implement login flows ### [How-To Guides](https://azutopia.gitbook.io/authority/how-to-guides/docker) Task-oriented guides for specific goals: * [Installation](https://azutopia.gitbook.io/authority/how-to-guides/docker) - Docker, source, Kubernetes * [Configuration](https://azutopia.gitbook.io/authority/how-to-guides/environment-variables) - Environment setup * [Security](https://azutopia.gitbook.io/authority/how-to-guides/enable-mfa) - MFA, lockout, passwords * [OAuth Clients](https://azutopia.gitbook.io/authority/how-to-guides/register-client) - Client management ### [Reference](https://azutopia.gitbook.io/authority/reference/oauth2) Technical specifications and API documentation: * [OAuth 2.0 Flows](https://azutopia.gitbook.io/authority/reference/oauth2) - Grant type specifications * [OpenID Connect](https://azutopia.gitbook.io/authority/reference/openid-connect) - OIDC endpoints * [API Endpoints](https://azutopia.gitbook.io/authority/reference/endpoints) - Complete API reference * [Configuration](https://azutopia.gitbook.io/authority/reference/all-options) - All settings ### [Explanation](https://azutopia.gitbook.io/authority/explanation/architecture) Understanding concepts and architecture: * [Architecture](https://azutopia.gitbook.io/authority/explanation/architecture) - System design * [OAuth 2.0 Concepts](https://azutopia.gitbook.io/authority/explanation/oauth2-concepts) - Protocol fundamentals * [Security Model](https://azutopia.gitbook.io/authority/explanation/security-model) - Security architecture * [Choosing Grant Types](https://azutopia.gitbook.io/authority/explanation/grant-type-selection) - Decision guide ## Standards Compliance Authority implements these specifications: * [RFC 6749](https://tools.ietf.org/html/rfc6749) - OAuth 2.0 Authorization Framework * [RFC 6750](https://tools.ietf.org/html/rfc6750) - Bearer Token Usage * [RFC 7519](https://tools.ietf.org/html/rfc7519) - JSON Web Token (JWT) * [RFC 7636](https://tools.ietf.org/html/rfc7636) - Proof Key for Code Exchange (PKCE) * [RFC 7662](https://tools.ietf.org/html/rfc7662) - Token Introspection * [RFC 7009](https://tools.ietf.org/html/rfc7009) - Token Revocation * [RFC 8628](https://tools.ietf.org/html/rfc8628) - Device Authorization Grant * [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) ## Technology Stack | Component | Technology | | ------------- | -------------------------- | | Language | Crystal | | Web Framework | Azu | | Database | PostgreSQL | | Templating | Crinja (Jinja2-compatible) | | Caching | Redis (optional) | ## Screenshots ![Landing Page](https://994706697-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlOWXZIZjvh1Ih2caxSvI%2Fuploads%2Fgit-blob-0e196e6ece06e42ccb7a52cbe24b3c5c77a6e579%2Flanding-page.gif?alt=media) ![Admin Dashboard](https://994706697-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlOWXZIZjvh1Ih2caxSvI%2Fuploads%2Fgit-blob-7e6d44d6b7eaae2061d5d8d1f7c5f404a6916986%2Fadmin-clients.gif?alt=media) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://azutopia.gitbook.io/authority/readme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.