Multi-tenant OAuth 2.0 authorization server.

```bash
# 1. Generate an RS256 keypair
openssl genrsa -out private.pem 2048
PEM=$(awk 'BEGIN{ORS="\\n"} {print}' private.pem)
# 2. Copy env template
cp .env.example .env
# edit .env, set APP_OAUTH_PRIVATE_KEY to "$PEM" (with quotes)
# 3. Run
docker compose up --build
```

The server boots on http://localhost:5001, runs migrations, and seeds a
default tenant + admin user + OAuth client from env vars.

```bash
curl http://localhost:5001/.well-known/openid-configuration
curl http://localhost:5001/.well-known/jwks
curl -X POST http://localhost:5001/connect/token \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'x-tenant-id: lansongxanh' \
  -d 'grant_type=password' \
  -d 'client_id=default-client' \
  -d 'client_secret=default-client-secret' \
  -d 'username=admin@example.com' \
  -d 'password=ChangeMe!123' \
  -d 'scope=protected-api offline_access'
```

See api.md for all supported flows.
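
A resource server consuming these tokens should pin the algorithm to RS256 and verify the signature against the published JWKS. The sketch below is an added example, not this project's code: it assumes the access token is a JWT signed with the RS256 key and that `/.well-known/jwks` returns a standard RFC 7517 key set. `verify_rs256` and `demo_token` are hypothetical names, and the toy key and token are constructed so the block runs offline.

```python
import base64, hashlib, hmac, json

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth"}  # private RSA fields, RFC 7518

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encoded_message(signing_input, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input.encode()).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t

def verify_rs256(token, jwks):
    """Return the claims if token is RS256-signed by a JWKS key; raise ValueError otherwise."""
    h64, p64, s64 = token.split(".")
    header = json.loads(b64u_dec(h64))
    if header.get("alg") != "RS256":  # pin the algorithm; reject "none" and HS256
        raise ValueError("unexpected alg")
    keys = [x for x in jwks["keys"] if x.get("kty") == "RSA" and x.get("kid") == header.get("kid")]
    if len(keys) != 1:
        raise ValueError("no unique JWKS key for kid")
    if PRIVATE_MEMBERS.intersection(keys[0]):  # a public JWKS must never carry these
        raise ValueError("JWKS exposes private key members")
    n = int.from_bytes(b64u_dec(keys[0]["n"]), "big")
    e = int.from_bytes(b64u_dec(keys[0]["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(b64u_dec(s64), "big")
    if s >= n:
        raise ValueError("signature out of range")
    if not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), encoded_message(f"{h64}.{p64}", k)):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(p64))

def demo_token(alg="RS256"):
    """Constructed sample: toy key built from two well-known primes (NOT secure), kid 'demo'."""
    p, q, e = 2**255 - 19, 2**521 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    jwks = {"keys": [{"kty": "RSA", "kid": "demo", "n": b64u_enc(n.to_bytes(k, "big")), "e": "AQAB"}]}
    head = b64u_enc(json.dumps({"alg": alg, "kid": "demo"}).encode())
    body = b64u_enc(json.dumps({"sub": "admin@example.com", "scope": "protected-api"}).encode())
    sig = pow(int.from_bytes(encoded_message(f"{head}.{body}", k), "big"), d, n)
    return f"{head}.{body}.{b64u_enc(sig.to_bytes(k, 'big'))}", jwks

if __name__ == "__main__":
    print(verify_rs256(*demo_token()))
```
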

- Spec: docs/superpowers/specs/2026-05-11-python-auth-server-scaffold-design.md
- Plan: docs/superpowers/plans/2026-05-11-python-auth-server-scaffold.md