Repositories list

• token-handler-js-assistant

  Public
  A helper library to help SPAs interact with OAuth Agent in the Token Handler pattern.

  oauth2spaopenid-connect+ 2token-handleroauth-agent

  TypeScript

  •

  Apache License 2.0

  •2•1•0•0•Updated Aug 1, 2025Aug 1, 2025

• phantom-token-lambda-authorizer

  Public
  A generic lambda authorizer implementing the phantom token pattern

  JavaScript

  •

  Apache License 2.0

  •2•0•0•1•Updated Jul 31, 2025Jul 31, 2025

• mcp-authorization-secured-api

  Public
  Shows how organizations can expose secure API data to AI agents using Model Content Protocol Authorization

  TypeScript

  •

  Apache License 2.0

  •0•1•3•0•Updated Jul 29, 2025Jul 29, 2025

• github-authenticator

  Public
  Github oauth authenticator that can be used with any Java-based Web API

  githubpluginoauth2+ 2loginauthenticator

  Java

  •

  Apache License 2.0

  •2•4•0•1•Updated Jul 22, 2025Jul 22, 2025

• angular-assisted-token-website

  Public
  Example Angular SPA that implements OpenID Connect using the assisted token flow

  spaopenid-connectassisted-token+ 3code-exampleoauth2angular

  TypeScript

  •

  Apache License 2.0

  •3•6•0•6•Updated Jul 21, 2025Jul 21, 2025

• oauth-assistant-example

  Public
  A vanilla JavaScript SPA that uses the OAuth Assistant

  spaopenid-connectcode-example+ 2oauth-assistantoauth2

  JavaScript

  •

  Apache License 2.0

  •0•0•1•0•Updated Jul 17, 2025Jul 17, 2025

• authzen-token-procedure

  Public
  A token procedure plugin enabling callout to an AuthZEN compliant authorizations service (PDP)

  pluginauthorizationtoken-procedure+ 1authzen

  Java

  •

  Apache License 2.0

  •0•0•0•0•Updated Jul 15, 2025Jul 15, 2025

• username-password-authenticator

  Public
  An authenticator to customize username and password flows

  pluginauthenticatorcurity+ 1username-password

  Java

  •

  Apache License 2.0

  •1•6•0•1•Updated Jul 12, 2025Jul 12, 2025

• polling-example-authenticator

  Public
  A minimal authentication plugin implementing the polling mechanism

  Java

  •

  Apache License 2.0

  •0•0•0•0•Updated Jul 7, 2025Jul 7, 2025

• mock-backend-api

  Public
  Mock backend API to simulate a user-driven approval flow used by a custom polling authenticator

  JavaScript

  •0•0•0•0•Updated Jul 7, 2025Jul 7, 2025

• idsvr-docker

  Public
  Docker-related files, resources, and information for the Curity Identity Server

  deploymentcuritydocker

  Dockerfile

  •

  Apache License 2.0

  •3•9•0•0•Updated Jul 3, 2025Jul 3, 2025

• JOSESwift

  Public
  A framework for the JOSE standards JWS, JWE, and JWK written in Swift.

  Swift

  •

  Apache License 2.0

  •118•1•0•0•Updated Jun 30, 2025Jun 30, 2025

• cloud-native-oauth-security-examples

  Public
  End-to-end code examples for the O'Reilly book on Cloud Native Data Security with OAuth

  TypeScript

  •

  Apache License 2.0

  •6•15•0•0•Updated Jun 24, 2025Jun 24, 2025

• spa-using-curitytokenhandler

  Public
  Demonstrates Hardened Security for Single Page Applications

  reactoauth2spa+ 3openid-connectcode-exampletoken-handler

  TypeScript

  •

  Apache License 2.0

  •1•4•0•0•Updated Jun 24, 2025Jun 24, 2025

• spa-using-token-handler

  Public
  API driven OpenID Connect SPA security, using only the most secure cookies in the browser

  reactoauth2spa+ 3openid-connectcode-exampletoken-handler

  TypeScript

  •

  Apache License 2.0

  •20•68•0•0•Updated Jun 24, 2025Jun 24, 2025

• client-assertions-with-jwks-uri

  Public
  API security requiring clients to use strong authentication, via client assertions (RFC7521, RFC7523)

  apioauth2zero-trust+ 4code-exampleclient-assertionfinancial-gradejwks-uri

  JavaScript

  •

  Apache License 2.0

  •0•0•0•0•Updated Jun 20, 2025Jun 20, 2025

• mobile-deployments

  Public
  Resources for automating the setup of Curity mobile code examples

  dockeroauth2mobile+ 2deploymentopenid-connect

  Shell

  •

  Apache License 2.0

  •1•0•0•0•Updated Jun 20, 2025Jun 20, 2025

• ios-haapi-ui-sdk-demo

  Public
  An OpenID Connect iOS demo app showing how to use the HAAPI UI SDK and hardened mobile security

  iosoauth2mobile+ 3openid-connectcode-examplehaapi

  Swift

  •

  Apache License 2.0

  •0•0•0•0•Updated Jun 16, 2025Jun 16, 2025

• android-haapi-ui-sdk-demo

  Public
  An OpenID Connect Android demo app showing how to use the HAAPI UI SDK and hardened mobile security

  androidoauth2mobile+ 3openid-connectcode-examplehaapi

  Kotlin

  •

  Apache License 2.0

  •1•1•0•0•Updated Jun 16, 2025Jun 16, 2025

• dotnet-api-jwt-validation

  Public
  Code example of how to validate JWTs and authorize requests in a .NET API

  apioauth2dotnet+ 5scopesclaimszero-trustjwt-validationcode-example

  C#

  •

  Apache License 2.0

  •0•1•0•0•Updated Jun 16, 2025Jun 16, 2025

• dotnet-openid-connect-webapp

  Public
  An example website that implements OAuth 2.0 and OpenID Connect in .NET

  websiteoauth2dotnet+ 2openid-connectcode-example

  C#

  •

  Apache License 2.0

  •4•10•0•0•Updated Jun 16, 2025Jun 16, 2025

• idsvr-helm

  Public
  This repository contains the Curity Identity Server helm chart source code.

  deploymentopenshiftcurity+ 3oidc-serverkuberneteshelm

  Mustache

  •

  Apache License 2.0

  •22•10•4•1•Updated Jun 16, 2025Jun 16, 2025

• ios-idsvr-haapi-ui-kit-dist

  Public
  Objective-C

  •0•0•0•0•Updated Jun 16, 2025Jun 16, 2025

• ios-idsvr-haapi-driver-dist

  Public
  Distribution of the iOS Hypermedia Authentication API (HAAPI) DRIVER for the Curity Identity Server

  sdkhaapiios

  Objective-C

  •0•2•0•0•Updated Jun 16, 2025Jun 16, 2025

• ios-idsvr-haapi-sdk-dist

  Public
  Distribution of the iOS Hypermedia Authentication API (HAAPI) SDK for the Curity Identity Server

  haapiiossdk

  Objective-C

  •0•8•0•0•Updated Jun 16, 2025Jun 16, 2025

• basic-application-plugin

  Public
  A hello world application plugin

  Kotlin

  •

  Apache License 2.0

  •0•0•0•0•Updated Jun 4, 2025Jun 4, 2025

• deny-authentication-action-with-dynamic-message

  Public
  Java

  •

  Apache License 2.0

  •0•0•0•0•Updated May 28, 2025May 28, 2025

• nginx_oauth_proxy_module

  Public
  NGINX module that decrypts secure cookies from Single Page Apps and forwards JWT access tokens to APIs

  nginxoauth2spa+ 3api-gatewayoauth-proxytoken-handler

  Perl

  •

  Apache License 2.0

  •4•18•0•0•Updated May 22, 2025May 22, 2025

• nginx_phantom_token_module

  Public
  NGINX module that introspects phantom access tokens according to RFC 7662

  introspectionphantom-tokennginx+ 2oauth2api-gateway

  Perl

  •

  Apache License 2.0

  •16•64•1•0•Updated May 22, 2025May 22, 2025

• mulesoft-flex-phantom-token-policy

  Public
  A custom policy for the Mulesoft Flex Gateway to introspect opaque access tokens and forward JWTs to APIs

  oauth2api-gatewaymulesoft+ 2introspectionphantom-token

  Rust

  •

  Apache License 2.0

  •0•1•0•0•Updated May 15, 2025May 15, 2025