Your authorization server, ready to use.
AuthGate IAM is an OAuth2 authorization server. Register your applications as clients, define what roles your users can have, and let IAM handle login, token issuance, and access control — so you do not have to build any of that from scratch.
OAuth2 / OIDC protocol
JWT token format
Multi-tenant isolation
Key concepts
Three things to understand.
Client
A registered OAuth2 application — like your web app or mobile app. You register it in AuthGate, get a client ID and secret, and your app can start authenticating users through IAM.
Role
A label you define under a client — like ROLE_ADMIN or ROLE_VIEWER. When someone logs in, their role is embedded in the JWT token your backend receives.
User
An account registered under a client. Users can sign in with a username and password, or with Google and GitHub. Their role determines what they can do in your app.
Registering a client
A 4-step wizard walks you through it.
Creating an OAuth2 client in AuthGate is designed to be straightforward even if you have never set up OAuth2 before.
Basic info
Give your client an ID and a name. The client ID is what your app uses to identify itself to IAM.
Capabilities
Choose the authentication methods and OAuth2 grant types your app needs — authorization code, client credentials, and more.
URIs & scopes
Set the redirect URIs your app uses after login and the scopes (permissions) your app can request.
Token settings
Configure access token and refresh token lifetimes, whether to require PKCE, and the token format.
Roles & users
Control access after login.
Roles
Choose a client
Roles belong to a specific client. Pick which client this role applies to.
Name your role
Give it a clear name like ROLE_ADMIN or ROLE_VIEWER. This name appears in the JWT token.
Add a description
Describe what this role is allowed to do — helps your team stay organized.
Users
Choose a client
Users belong to a specific client — just like roles.
Set username and email
Each user has a username, email, first and last name.
Login with password or social
Users can sign in with a password, or with Google and GitHub as identity providers.
