Secure Authentication, Simplified
Enterprise-ready identity platform for modern applications. Implement authentication and authorization in minutes with multi-tenant support, SSO, email verification APIs, and standards-based security.
Get Started Free Sign In API Reference
No credit card required · Free up to 500 users
Why Ailacs Identity
Build secure, scalable authentication into your application without the complexity. We handle identity so you can focus on your product.
Multi-Tenant Architecture
Complete tenant isolation with centralized management. Perfect for B2B SaaS applications with organization-level access control.
Standards-Based SSO
OpenID Connect and OAuth 2.0 flows powered by OpenIddict. Integrate with enterprise identity providers seamlessly.
Enterprise Ready
99.9% uptime SLA, audit logs, RBAC, MFA, and custom branding. Built for compliance with SOC 2 and GDPR requirements.
Email Verification API
Offer email verification as a separate metered API service, with usage tracked per tenant and documented for fast integration.
Built for Developers
Implement authentication in minutes with our comprehensive SDKs and documentation. No security expertise required.
- Quick Integration: Add authentication to your app in under 10 minutes
- Modern SDKs: Support for .NET, Node.js, Python, React, Angular, and more
- Comprehensive Docs: Step-by-step guides, tutorials, and API reference for identity and verification APIs
- Active Support: Developer community and dedicated technical support
// Program.cs — add auth in minutes (.NET 10)
// dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
options.Authority = "https://auth.ailacs.com";
options.ClientId = builder.Configuration["Ailacs:ClientId"];
options.ResponseType = "code";
options.UsePkce = true;
options.Scope.Add("openid"); options.Scope.Add("profile"); options.Scope.Add("email");
options.SaveTokens = true;
options.MapInboundClaims = false;
options.GetClaimsFromUserInfoEndpoint = true;
});
// Protect your endpoints with a single attribute
[Authorize]
public class DashboardController : Controller { }// B2C Auth — Node.js / Express
// npm install openid-client express-session
const { Issuer, generators } = require('openid-client');
let client;
Issuer.discover('https://auth.ailacs.com').then(issuer => {
client = new issuer.Client({
client_id: process.env.AILACS_CLIENT_ID,
redirect_uris: ['https://yourapp.com/callback'],
response_types: ['code'],
});
});
app.get('/login', (req, res) => {
const codeVerifier = generators.codeVerifier();
req.session.codeVerifier = codeVerifier;
req.session.state = generators.state();
res.redirect(client.authorizationUrl({
scope: 'openid profile email',
state: req.session.state,
code_challenge: generators.codeChallenge(codeVerifier),
code_challenge_method: 'S256',
}));
});
app.get('/callback', async (req, res) => {
const tokenSet = await client.callback(
'https://yourapp.com/callback',
client.callbackParams(req),
{ code_verifier: req.session.codeVerifier, state: req.session.state }
);
req.session.user = tokenSet.claims();
res.redirect('/dashboard');
});# B2C Auth — Python / FastAPI
# pip install authlib fastapi starlette uvicorn
from fastapi import FastAPI, Request, Depends, HTTPException
from fastapi.responses import RedirectResponse
from authlib.integrations.starlette_client import OAuth
from starlette.middleware.sessions import SessionMiddleware
import os
app = FastAPI()
app.add_middleware(SessionMiddleware, secret_key=os.environ['SESSION_SECRET'])
oauth = OAuth()
oauth.register(
name='ailacs',
server_metadata_url='https://auth.ailacs.com/.well-known/openid-configuration',
client_id=os.environ['AILACS_CLIENT_ID'],
client_kwargs={ 'scope': 'openid profile email', 'code_challenge_method': 'S256' }
)
@app.get('/login')
async def login(request: Request):
return await oauth.ailacs.authorize_redirect(request, request.url_for('auth_callback'))
@app.get('/callback')
async def auth_callback(request: Request):
token = await oauth.ailacs.authorize_access_token(request)
request.session['user'] = token['userinfo']
return RedirectResponse(url='/dashboard')
def require_auth(request: Request):
if 'user' not in request.session:
raise HTTPException(status_code=401)
return request.session['user']
@app.get('/dashboard')
async def dashboard(user=Depends(require_auth)):
return {'message': f"Hello, {user['name']}"}// B2C Auth — Java / Spring Boot 3
// application.yml:
// spring.security.oauth2.client.registration.ailacs:
// client-id: ${AILACS_CLIENT_ID}
// client-authentication-method: none # public client — PKCE only
// authorization-grant-type: authorization_code
// redirect-uri: "{baseUrl}/login/oauth2/code/ailacs"
// scope: openid,profile,email
// spring.security.oauth2.client.provider.ailacs:
// issuer-uri: https://auth.ailacs.com
@Configuration @EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth
.requestMatchers("/", "/public/**").permitAll()
.anyRequest().authenticated()
)
.oauth2Login(oauth2 -> oauth2
.defaultSuccessUrl("/dashboard", true)
);
return http.build();
}
}// B2C Auth — Go
// go get github.com/coreos/go-oidc/v3/oidc golang.org/x/oauth2
var (
provider *oidc.Provider
oauth2Conf oauth2.Config
verifier *oidc.IDTokenVerifier
)
func init() {
ctx := context.Background()
provider, _ = oidc.NewProvider(ctx, "https://auth.ailacs.com")
verifier = provider.Verifier(&oidc.Config{ClientID: "your-client-id"})
oauth2Conf = oauth2.Config{
ClientID: "your-client-id",
RedirectURL: "https://yourapp.com/callback",
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
}
func loginHandler(w http.ResponseWriter, r *http.Request) {
cv := oauth2.GenerateVerifier()
http.SetCookie(w, &http.Cookie{Name: "pkce_v", Value: cv, HttpOnly: true, Secure: true})
http.Redirect(w, r, oauth2Conf.AuthCodeURL(randomState(),
oauth2.S256ChallengeOption(cv)), http.StatusFound)
}
func callbackHandler(w http.ResponseWriter, r *http.Request) {
vc, _ := r.Cookie("pkce_v")
token, _ := oauth2Conf.Exchange(r.Context(), r.URL.Query().Get("code"),
oauth2.VerifierOption(vc.Value))
rawID, _ := token.Extra("id_token").(string)
idToken, _ := verifier.Verify(r.Context(), rawID)
var claims struct{ Sub, Name, Email string }
idToken.Claims(&claims)
http.Redirect(w, r, "/dashboard", http.StatusFound)
}<?php
// B2C Auth — PHP / Laravel 11
class AuthController extends Controller
{
public function login(Request $request)
{
$verifier = bin2hex(random_bytes(32));
$challenge = rtrim(strtr(base64_encode(
hash('sha256', $verifier, true)), '+/', '-_'), '=');
session(['pkce_verifier' => $verifier, 'oauth_state' => bin2hex(random_bytes(16))]);
return redirect('https://auth.ailacs.com/connect/authorize?' . http_build_query([
'response_type' => 'code',
'client_id' => config('services.ailacs.client_id'),
'redirect_uri' => config('services.ailacs.redirect'),
'scope' => 'openid profile email',
'state' => session('oauth_state'),
'code_challenge' => $challenge,
'code_challenge_method' => 'S256',
]));
}
public function callback(Request $request)
{
abort_unless($request->state === session('oauth_state'), 422);
$tokens = Http::asForm()->post('https://auth.ailacs.com/connect/token', [
'grant_type' => 'authorization_code',
'code' => $request->code,
'redirect_uri' => config('services.ailacs.redirect'),
'client_id' => config('services.ailacs.client_id'),
'code_verifier' => session('pkce_verifier'),
])->json();
$claims = $this->verifyIdToken($tokens['id_token']);
Auth::login(User::updateOrCreate(['sub' => $claims['sub']], ['email' => $claims['email']]));
return redirect('/dashboard');
}
}# B2C Auth — Ruby on Rails 7+
# gem 'omniauth-openid-connect', 'omniauth-rails_csrf_protection'
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :openid_connect,
name: :ailacs,
scope: [:openid, :profile, :email],
response_type: :code,
issuer: 'https://auth.ailacs.com',
discovery: true,
pkce: true,
client_options: {
identifier: ENV['AILACS_CLIENT_ID'],
secret: ENV['AILACS_CLIENT_SECRET'],
redirect_uri: ENV['AILACS_REDIRECT_URI']
}
end
# app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
def create
auth = request.env['omniauth.auth']
user = User.find_or_initialize_by(sub: auth.uid)
user.update!(name: auth.info.name, email: auth.info.email)
session[:user_id] = user.id
redirect_to dashboard_path
end
def destroy
session[:user_id] = nil
redirect_to "https://auth.ailacs.com/connect/logout" \
"?post_logout_redirect_uri=#{CGI.escape(root_url)}"
end
end// B2C Auth — TypeScript / React + react-oidc-context
// npm install oidc-client-ts react-oidc-context
// src/auth/authConfig.ts
import { UserManager, WebStorageStateStore } from 'oidc-client-ts';
export const userManager = new UserManager({
authority: 'https://auth.ailacs.com',
client_id: import.meta.env.VITE_AILACS_CLIENT_ID,
redirect_uri: `${window.location.origin}/callback`,
post_logout_redirect_uri: `${window.location.origin}/`,
response_type: 'code',
scope: 'openid profile email',
// PKCE enabled by default — no client_secret needed
automaticSilentRenew: true,
userStore: new WebStorageStateStore({ store: window.sessionStorage }),
});
// src/main.tsx
import { AuthProvider } from 'react-oidc-context';
ReactDOM.createRoot(document.getElementById('root')!).render(
<AuthProvider userManager={userManager}><App /></AuthProvider>
);
// src/components/ProtectedRoute.tsx
export function ProtectedRoute({ children }: { children: React.ReactNode }) {
const auth = useAuth();
if (auth.isLoading) return <div>Loading...</div>;
if (!auth.isAuthenticated) { auth.signinRedirect(); return null; }
return <>{children}</>;
}Trusted by Teams Worldwide
From startups to enterprises, thousands of organizations rely on Ailacs Identity for secure authentication.
99.9%
Uptime SLA
24/7
Support
Authentication for Every Use Case
Whether you're building a consumer app, a multi-org SaaS platform, or integrating enterprise identity providers, Ailacs Identity covers every auth scenario.
B2C Authentication
Deliver frictionless consumer login with social auth, passwordless sign-in, email verification, and TOTP MFA. B2C auth that scales to millions of end-users without managing infrastructure.
B2B Authentication
Multi-tenant B2B auth with per-organisation SSO, tenant-scoped RBAC, and invite-based user provisioning. Let enterprise customers bring their own identity provider with federated B2B auth.
OpenID Connect Auth
Standards-based OpenID Connect authentication powered by OpenIddict. Issue and validate ID tokens, support the authorisation code flow with PKCE, and integrate any OIDC-compatible client in minutes.
OAuth 2.0 Auth
Full OAuth 2.0 authorisation server with support for authorisation code, client credentials, and refresh token flows. Protect your APIs with scoped access tokens and fine-grained OAuth 2.0 permissions.
Enterprise SSO Auth
One-click SSO auth for enterprise customers. Connect to Azure AD, Okta, Google Workspace, and any SAML 2.0 or OIDC identity provider. Centralise access management across all your applications.
JWT & Token Auth
Signed JWT access tokens and opaque reference tokens with configurable lifetime, custom claims, and automatic key rotation. Drop-in JWT auth for .NET, Node.js, Python, and any standards-compliant API.
Ready to Get Started?
Join thousands of developers who trust Ailacs Identity for their authentication needs. Start building in minutes with our free tier.