OakID is the OAuth 2.0 / OpenID Connect provider behind Sign in with OakID. Register an app in the Developer Portal, redirect users to authorize, exchange a code for tokens — no custom auth stack required. OakID is a hosted service. All endpoints live on id.oakwall.mom. Self-hosting and local deployment are not available.

What OakID provides

Authorization code + PKCE

Standard OAuth 2.0 flow with S256 PKCE for browser and mobile clients.

OIDC discovery

Machine-readable metadata at /.well-known/openid-configuration.

Developer portal

Create apps, manage redirect URIs, rotate secrets, revoke sessions.

Panel integration

OakWall Panel ships with Sign in with OakID out of the box.

Production URLs

ResourceURL
Issuerhttps://id.oakwall.mom
Developer portalid.oakwall.mom/developer
Documentationdocs.oakwall.mom
OIDC discoveryid.oakwall.mom/.well-known/openid-configuration
Panel OAuth callbackhttps://panel.oakwall.mom/login/oauth/callback

Discovery document

Every OIDC client should bootstrap from discovery — never hardcode endpoint paths.
curl -s https://id.oakwall.mom/.well-known/openid-configuration | jq .
{
  "issuer": "https://id.oakwall.mom",
  "authorization_endpoint": "https://id.oakwall.mom/oauth/authorize",
  "token_endpoint": "https://id.oakwall.mom/oauth/token",
  "userinfo_endpoint": "https://id.oakwall.mom/oauth/userinfo",
  "revocation_endpoint": "https://id.oakwall.mom/oauth/revoke",
  "jwks_uri": "https://id.oakwall.mom/oauth/jwks",
  "response_types_supported": ["code"],
  "scopes_supported": ["openid", "profile", "email"],
  "code_challenge_methods_supported": ["S256"],
  "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"]
}

Supported flows

FlowSupported
Authorization code (response_type=code)Yes
PKCE (code_challenge_method=S256)Yes — required for browser clients
Refresh token rotationYes
Implicit / hybridNo

Get started

1

Register an application

Open the Developer Portal and create an OAuth app with at least one redirect URI.
2

Implement authorize + token

Follow the Quickstart to complete your first code exchange.
3

Handle errors

See Errors & troubleshooting for invalid_grant, PKCE failures, and state mismatches.

Quickstart

First OAuth flow in under 10 minutes.

API Reference

OpenAPI spec for all OAuth endpoints.