All products

DoorAuthServer

Centralized OIDC / OAuth 2.0 SSO grid

Production-Ready · Identity Bridgeauth.alnodes.comgithub.com/alaminmain/DoorAuthServer
Execution88%

40+

API endpoints

100%

Test coverage

4

Framework integrations

MIT

Open source

Overview

DoorAuth is the centralized Identity Provider that secures the entire AlNodes ecosystem. Log in once at auth.alnodes.com and access every app — AptManager, the Ledger, Find School and beyond — through standards-based OAuth 2.0 / OIDC with PKCE, authorization-code flow, and refresh-token rotation.

It is built multi-tenant from the ground up: complete data isolation, tenant-specific roles, and custom branding per tenant. A granular RBAC engine drives Smart Menu Generation — the server returns a permission-filtered navigation menu so apps never hardcode menus.

Security is enterprise-grade out of the box: TOTP two-factor auth, brute-force protection with account locking, email verification and password recovery. 40+ documented API endpoints, 100% test coverage, and working SSO examples for Blazor, ASP.NET Core, React and Node.js.

Highlights
  • Standards-based OAuth 2.0 / OIDC with PKCE + refresh-token rotation
  • Single Sign-On and single sign-out across the whole app grid
  • Multi-tenant: data isolation, per-tenant roles & custom branding
  • Granular RBAC + Smart Menu Generation (permission-filtered nav)
  • TOTP 2FA, brute-force protection, email verification
  • 40+ API endpoints · 100% test coverage · MIT licensed
Tech Stack

Server

Node.js + Prisma ORM

Database

PostgreSQL

Admin UI

React dashboard

Protocols

OAuth 2.0 / OIDC + JWT

2FA

TOTP (Authenticator/Authy)

License

MIT (open source)

Feature breakdown

Grouped by module, with live execution status per feature.

Authentication & SSO

4 features

OAuth 2.0 / OIDC Provider

Live

Authorization-code flow, PKCE, JWT token management.

Refresh Token Rotation

Live

Refresh tokens expire after 7 days and rotate on each use.

Single Sign-On / Sign-Out

Live

Cross-app authentication with one logout clearing all sessions.

Session Management

Live

Remember-me and centralized session handling.

Multi-Tenancy & RBAC

4 features

Complete Tenant Isolation

Live

Each tenant's data fully separated on one instance.

Tenant-Specific Roles & Branding

Live

Independent roles, permissions, logos and themes per tenant.

Granular RBAC

Live

Role hierarchies and permission-based API authorization.

Smart Menu Generation

Live

Server returns a permission-filtered, hierarchical menu per user.

Security & Integrations

4 features

TOTP Two-Factor Auth

Live

Compatible with Google Authenticator, Authy and other TOTP apps.

Brute-Force Protection

Live

Account locking after failed attempts; configurable thresholds.

Email Verification & Recovery

Live

Token-based verification and built-in password recovery.

Framework SSO Examples

Live

Working integrations for Blazor, ASP.NET Core, React and Node.js.

Frequently asked questions

What is DoorAuthServer?+

DoorAuthServer is a self-hosted, multi-tenant Identity Provider that secures every AlNodes app with standards-based OAuth 2.0 / OIDC single sign-on. Log in once and access the whole app grid, with a single sign-out clearing all sessions.

What security features does DoorAuth include?+

DoorAuth ships TOTP two-factor authentication, brute-force protection with account locking, email verification, password recovery, and OAuth 2.0 with PKCE plus refresh-token rotation.

Which frameworks can integrate with DoorAuth?+

DoorAuth provides working single sign-on integration examples for Blazor Server, ASP.NET Core, React SPA and Node.js, exposed through 40+ documented API endpoints with 100% test coverage.

Is DoorAuth open source?+

Yes. DoorAuthServer is open source under the MIT license and is available on GitHub at github.com/alaminmain/DoorAuthServer.

Explore the rest of the grid

AptManagerapt.alnodes.comEnterprise Double-Entry Accountingledger.alnodes.comFind Schoolschool.alnodes.comRegister-Scan AI Utilityscan.alnodes.com