🚀 The successor to oauthjs/oauth2-server. 🔒 Complete, compliant, maintained and well tested OAuth2 Server for node.js. Includes native async await and PKCE.

A full featured, secure, standards compliant TypeScript implementation of an OAuth 2.0 authorization server for Nodejs that utilizes JWT and Proof Key for Code Exchange (PKCE)

A chapterwise tutorial that will take you through the fundamentals of modern authentication with Microsoft identity platform in Vanilla JavaScript.

Application security best practices and code implementations for Java developers. This project is intended for didactic purposes only, supporting my training course.

A React & Redux single-page application that authorizes an ASP.NET Core web API to call MS Graph API on-behalf-of a signed-in user.

An OAuth 2.x / OIDC 1.0 client library for Python built on top of `requests`.

An example project to demonstrate the OAuth 2.0 authorization code flow against a protected web api resource with RBAC roles.

📝 [Article] VK Auth in NestJS + React

Django based microservice architecture with oauth2 🔋🌟

Add MFA/2FA support in your CLI

Implementation of OAuth2 authorization code flow

OAuth/ Authorization Code Flow with PKCE extension by Expo AuthSession

An OAuth 2.0 client library for Python, built on top of `niquests`.

A command-line tool that demonstrates the **OAuth 2.0 Authorization Code Flow** (RFC 6749 §4.1) with **PKCE** (RFC 7636) against an AuthGate server.

A Spring Boot application demonstrating OAuth 2.0 authentication with GitHub using the Authorization Code flow.

Implementation of Authorization code flow between auth0, blazor webapp and a rest API with docker-compose for orchestration

Check your Spotify data as plotly graphs in Django app using authorization code flow

[Sample] OAuth Authorization Code flow in ABAP (on-premise)

🛡️ Cerberus IAM Laravel Integration Package (PHP)

OpenCode plugin that secures OpenAI-compatible model providers with OAuth2/OIDC (Authorization Code + PKCE), auto-discovers and syncs models from /v1/models, and injects bearer tokens per request — with strict refresh-token enforcement.