Brain Identity
Middleware
Standard OAuth 2.0 for secure third-party app integration. Self-service developer console, no password exposure.
How this repo is split
shared/oauth-wrapper is the reusable OAuth server core. oauth-wrapper is this example’s wiring (session cookie, login orchestration, Supabase repository). To use another login API, replace the provider adapter under demo-oauth and rebind IOC—the core stays stable.
This deployment: Brain User login
This running example uses Brain User API via BrainUserAdapter under oauth-wrapper (see OAUTH_WRAPPER_API_BASE). It is one reference provider—your fork can swap in Keycloak, a custom REST API, etc., without changing the OAuth surface.
Standard OAuth 2.0
shared/oauth-wrapper implements RFC flows, PKCE, token exchange, and client registry—provider-agnostic.
Self-service Console
Plug in any upstream via OAuthUserAdapter; this repo ships a reference under oauth-wrapper.
Serverless Ready
Register apps, manage redirect URIs, and debug the full flow in the Playground.
Key endpoints
End-user sign-in (example provider)
POST /api/oauth/verify
GET /oauth/authorize?client_id=your_app&redirect_uri=...
POST/oauth/token -d "grant_type=authorization_code&code=..."
Ready to build?
Create your first OAuth app in minutes.
Go to console