# Authly

Authly is a central authentication and identity service by 2HAAS. It gives applications one place for user registration, login, tokens, profiles, and security. Developers integrate through OAuth 2.0 and OpenID Connect, or through a direct REST API.

## What Authly does

- Registers users and verifies their email addresses.
- Signs users in with passwords, magic links, or social providers.
- Supports these social providers: Google, GitHub, Facebook, X, GitLab, Microsoft, Apple, LinkedIn, Discord, Twitch, and Yahoo.
- Issues RS256 signed JSON Web Tokens. Applications verify them offline with the public keys.
- Supports multifactor authentication with authenticator apps, SMS codes, and email codes.
- Lets developers enforce multifactor authentication per application.
- Stores one profile per user. The profile holds a common avatar, several emails, and several phone numbers. Every connected application can read it.
- Records login history with IP address, location, device, and browser. Users can revoke any session.
- Gives developers a dashboard with API keys, usage statistics, CORS settings, and event logs.
- Emails users about new device sign-ins and emails developers about token reuse.

## How to integrate with Login with Authly

1. Create a developer account and register an application. You receive a client id, an API key, and an API secret. The secret appears once.
2. Send users to the authorize endpoint. The flow follows OAuth 2.0 with PKCE and OpenID Connect.
3. Exchange the authorization code at the token endpoint. You receive an access token, a refresh token, and an id token.
4. Verify access tokens offline with the JWKS endpoint, or call the introspection endpoint from your server.

Public clients such as single page apps and mobile apps use PKCE and send no secret. Confidential clients such as server backends send the client secret at the token step.

## Key endpoints

Replace the host with your Authly deployment.

- Discovery: /.well-known/openid-configuration
- Public signing keys: /.well-known/jwks.json
- Authorization: /oauth/authorize
- Token exchange: /oauth/token
- User claims: /oauth/userinfo
- Token introspection: /api/v1/tokens/introspect
- REST API base: /api/v1

## Scopes

- openid returns the user id in the sub claim.
- profile returns the name and avatar.
- email returns the primary email and its verified flag.

## Notes for agents

- The REST API returns errors as { "error": { "code", "message", "details" } }.
- The OAuth token endpoint returns errors as { "error", "error_description" }.
- All requests and responses use JSON.
- The sub claim is a stable user id. It stays the same for a user across every application.
- CMS platforms such as WordPress, Drupal, Bubble, and Webflow connect through any generic OIDC client plugin with the discovery URL above.

## Human documentation

Full guides live at /docs on this site.

- /docs/quickstart
- /docs/login-with-authly
- /docs/verify-tokens
- /docs/wordpress
- /docs/social-login
- /docs/api
- /docs/security