Two API calls. Full OAuth flow. Your users sign in once and get seamless access across every service you build.
Olyron Identity uses a standard OAuth 2.0 authorization-code flow.
Head to your Olyron org dashboard → Developer Apps and register a new OAuth client. You'll get an app_key and client_secret.
Send users to the authorize endpoint with your app_key and a redirect URI. If they're not signed in, Olyron handles the entire login flow.
After the user approves, Olyron redirects back with a one-time code. POST it to the token endpoint with your client_secret to get the user profile.
// Build the authorize URL
const OLYRON_URL = "https://accounts.olyron.com";
const params = new URLSearchParams({
app_key: "your-app-key",
redirect_uri: "https://yourapp.com/auth/callback",
state: crypto.randomUUID(), // CSRF protection
});
// Redirect the user
window.location.href =
`${OLYRON_URL}/api/sso/authorize?${params}`;// In your callback handler
const res = await fetch(
"https://accounts.olyron.com/api/sso/token",
{
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
code: searchParams.get("code"),
app_key: "your-app-key",
client_secret: process.env.OLYRON_CLIENT_SECRET,
}),
}
);
const { user } = await res.json();
// user = { id, email, full_name, avatar_url }
// Create a session in your app
await createSession(user);{
"user": {
"id": "a1b2c3d4-...",
"email": "user@example.com",
"full_name": "Jane Doe",
"avatar_url": "https://..."
}
}MFA, session management, and brute-force protection handled for you.
JWTs carry organization context and RBAC roles out of the box.
Two API calls — authorize and token. No SDK required.
Rotate client secrets instantly from the dashboard with zero downtime.
Create an Olyron account, register your app, and start accepting "Sign in with Olyron" in under five minutes.