Identity
Infrastructure.

Centralized auth for every app you build. One server. Zero repetition. Black Bird ships production-ready identity so you don't write another login form.

RS256 · RFC 9068 · OIDC 1.0 · Argon2id
/ how it works

Three steps to ship.

01

Register your app

Issue a client_id and a single-reveal client_secret from the admin dashboard.

02

Get client credentials

Drop the keys into your .env. No SDK lock-in. Standards-compliant OAuth flows.

03

Validate JWTs locally

Fetch the JWKS once, cache the public key, verify tokens in microseconds at the edge.

/ capabilities

Built like a protocol, not a library.

Standards under the hood. Opinionated defaults at the edges. Nothing you have to wire twice.

/ Crypto

RS256 signing

Asymmetric keys mean your services verify without ever holding a secret.

/ Access

RBAC, global + per-app

Roles scoped to the platform, or to individual apps. Fine-grained by default.

/ Sessions

Refresh rotation

Family-revocation on reuse. Compromised refresh tokens take the whole tree down.

/ Hashing

Argon2id passwords

Memory-hard hashing tuned for current hardware. Configurable cost factor.

/ Discovery

JWKS endpoint

/.well-known/jwks.json. Rotate keys without breaking a single verifier.

/ Admin

App lifecycle

Register, audit, and deactivate apps from one dashboard. Audit trails included.

/ the token

Signed, never stored.

Every Black Bird JWT carries identity, audience, and roles — verified by your services with a public key. No database lookup per request.

HEADER segment
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "bb_2025_01"
}
PAYLOAD segment
{
  "iss": "https://auth.shoukan-labs.com",
  "sub": "usr_8f3b...",
  "aud": "app_prod_api",
  "exp": 1749740000,
  "roles": ["admin", "billing:read"]
}
SIGNATURE segment
kP3Vq…F0a — RSA-PKCS1-v1_5 SHA-256
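
An added example, not Black Bird's own code: a local verifier for a token shaped like the one above, using only Node.js built-ins. The key pair, the JWKS, the `sub` value and the names `mint`, `verify`, `check` and `EXPECT` are constructed for illustration; the issuer, audience, `kid`, `exp` and roles are taken from the sample token.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed stand-in for the issuer: a throwaway key pair and the JWKS it would publish.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const KID = 'bb_2025_01';
const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: KID, alg: 'RS256', use: 'sig' }] };
// Constructed claims mirroring the sample payload (sub is a placeholder).
const sampleClaims = { iss: 'https://auth.shoukan-labs.com', sub: 'usr_example',
  aud: 'app_prod_api', exp: 1749740000, roles: ['admin', 'billing:read'] };
const EXPECT = { issuer: sampleClaims.iss, audience: 'app_prod_api', now: 1749730000 };

// Token minting, present only so the verifier has realistic input.
function mint(claims, header = { alg: 'RS256', typ: 'JWT', kid: KID }, key = privateKey) {
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput), key); // RSA PKCS#1 v1.5
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Verifier: returns the claims, or throws with the reason for rejection.
function verify(token, cachedJwks, { issuer, audience, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed');
  const header = fromB64u(parts[0]);
  // Pin the algorithm on the verifier side; the token never gets to choose it.
  if (header.alg !== 'RS256') throw new Error('bad alg');
  const jwk = cachedJwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid'); // a deployed verifier would refetch the JWKS once here
  const key = nodeCrypto.createPublicKey({ key: jwk, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const ok = nodeCrypto.verify('sha256', signed, key, Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = fromB64u(parts[1]); // claims are trusted only after the signature checks out
  if (claims.iss !== issuer) throw new Error('bad iss');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('bad aud');
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('expired');
  return claims;
}

// Returns 'ok' or the rejection reason, so each failure mode can be inspected.
function check(token, opts = EXPECT) {
  try { verify(token, jwks, opts); return 'ok'; } catch (e) { return e.message; }
}
```

A signature that verifies is not enough on its own: the `aud` check is what stops a token issued for one registered app from being accepted by another.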

Your apps.
One identity.

Open the admin dashboard and register your first app in under thirty seconds.