
What is Aero2?

Aero2 is an authentication and identity platform that serves two roles:

As an OIDC Provider (OP)

Aero2 acts as an identity provider for your applications. Register an OAuth client, and your app can use Aero2 to authenticate users via the standard Authorization Code flow with PKCE.

  • Issue RS256-signed access tokens, ID tokens, and refresh tokens
  • Standard OIDC discovery at /.well-known/openid-configuration
  • PKCE with S256 enforced for all authorization requests
  • Token revocation and refresh token rotation
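The S256 requirement above means a client sends `code_challenge = BASE64URL(SHA256(code_verifier))` with the authorization request and reveals the verifier only at the token endpoint (RFC 7636). The sketch below is an added example, not Aero2's own code; the function names `make_pkce_pair` and `check_pkce` are hypothetical, and the provider-side check assumes the challenge and method were stored with the authorization code.

```python
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")


def _b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> tuple[str, str]:
    """Client side: return (code_verifier, code_challenge) for S256."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, 256 bits of entropy
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def check_pkce(stored_challenge: str, stored_method: str, verifier: str) -> bool:
    """Provider side at the token endpoint (hypothetical helper).

    Accepts only S256 and rejects malformed verifiers before hashing.
    """
    if stored_method != "S256":
        return False  # "plain" or a missing method is refused
    if not _VERIFIER_RE.fullmatch(verifier):
        return False
    expected = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    # Constant-time comparison of the recomputed and stored challenges.
    return hmac.compare_digest(expected.encode(), stored_challenge.encode())


if __name__ == "__main__":
    v, c = make_pkce_pair()  # constructed sample values, generated locally
    print("code_challenge_method=S256")
    print("code_challenge=" + c)
    print("matching verifier accepted:", check_pkce(c, "S256", v))
    print("plain method accepted:", check_pkce(v, "plain", v))
```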

As a Relying Party (RP)

Aero2 can delegate authentication to external identity providers like GitHub or Google. Users click "Sign in with GitHub" and Aero2 handles the OAuth flow, creates a local account, and establishes a session.

  • Connect any OAuth2 or OIDC provider
  • Automatic user creation and identity linking
  • Session management with secure HttpOnly cookies

Key Features

  • Multi-tenant — Create isolated applications, each with its own user pool, settings, and branding
  • RBAC — Role-based access control with custom roles and permissions
  • Audit logging — Every security-relevant action is logged
  • Admin API — Full REST API for user, client, role, and IdP management
  • Developer dashboard — Self-service application management

Architecture

┌─────────────────────────────────────────────┐
│               Aero2 Platform                │
├─────────────┬──────────────┬────────────────┤
│   OIDC OP   │   Relying    │   Admin API    │
│  /oauth2/*  │   Party      │   /api/*       │
│             │   /rp/*      │                │
├─────────────┴──────────────┴────────────────┤
│  Per-App User Pool  │  Key Management       │
└─────────────────────┴───────────────────────┘
