Calimatic OIDC / OAuth 2.0 Provider

Integrate your application with the Calimatic Auth platform using standards-compliant OpenID Connect and OAuth 2.0.

OAuth 2.0 (RFC 6749)OpenID Connect Core 1.0PKCE (RFC 7636)Token Introspection (RFC 7662)Token Revocation (RFC 7009)Dynamic Registration (RFC 7591)

Quick Links

Discovery Document JWKS Endpoint

API Reference

Complete reference for all OIDC/OAuth2 endpoints including authorization, token, userinfo, introspection, revocation, and dynamic client registration.

Integration Guide

Step-by-step guides for integrating your app using Next.js, React SPA, Python, PHP, or any standard OAuth2 client library. Includes migration guide from the legacy exchange flow.

Architecture

Internal implementation details covering RSA key management, token lifecycle, database schema, consent system, rate limiting, and the relationship between the platform and Keycloak.

Getting Started

The Calimatic Auth platform is a standards-compliant OIDC/OAuth2 provider. Any OAuth 2.0 client library can integrate by pointing to the discovery URL:

https://auth.calimatic.com/.well-known/openid-configuration

The provider supports three grant types:

Authorization Code + PKCE — Web apps, SPAs, and mobile apps (user authentication)
Refresh Token — Renewing expired access tokens
Client Credentials — Machine-to-machine communication (no user context)

All tokens are signed with RSA (RS256) and can be verified using the public keys at the JWKS endpoint.

Base URL

https://auth.calimatic.com

Endpoints at a Glance

Discovery	`GET`	`/.well-known/openid-configuration`
Authorization	`GET`	`/api/v1/oidc/authorize`
Token	`POST`	`/api/v1/oidc/token`
UserInfo	`GET / POST`	`/api/v1/oidc/userinfo`
JWKS	`GET`	`/api/v1/oidc/jwks`
Introspection	`POST`	`/api/v1/oidc/introspect`
Revocation	`POST`	`/api/v1/oidc/revoke`
End Session	`GET`	`/api/v1/oidc/end-session`
Registration	`POST`	`/api/v1/oidc/register`