Documentation
OAuth backend
backend-oauth-http is Everlock's OAuth2 / OIDC token issuer. It mounts under frontend-http and uses an Everlock versioned-storage store for client registrations, signing keys, and issued tokens.
Current state
- Implemented and active
- Issues access and ID tokens against Everlock users
- Stores clients, codes, and keys in a dedicated versioned store
- Login flow runs through the HTTP frontend
What it provides
- the standard
/authorize,/token,/jwks, and discovery endpoints - Everlock user authentication during the login step
- per-instance configuration via
config/oauth-http.tomlin the system store - ECDSA / RSA signing keys generated and rotated through the store
Configuration
| Key | Description |
|---|---|
enabled | Whether the backend starts at all |
store | Versioned store name used for this OAuth instance |
issuer_url | OIDC issuer URL (also appears in token iss claims and discovery) |
CLI flags follow the standard naming: --backend-oauth-http, --backend-oauth-http-store, --backend-oauth-http-issuer-url.