Introduction
Paylent is an identity and access management platform that provides authentication, authorization, and user management infrastructure for your applications. It includes a full OAuth2/OIDC provider, role-based access control, organization management, and a management dashboard.
Key Features
- OAuth2/OIDC Provider — Full authorization code flow with PKCE, client credentials grants, JWT and opaque tokens, JWKS endpoints, and token introspection.
- User Management — User registration, password authentication (Argon2), session management with token tracking, and email verification.
- Role-Based Access Control — Define roles and permissions scoped to each environment. Assign roles to users with fine-grained permission checks.
- Organization Management — Create organizations, manage memberships, assign organization-level roles, and send invitations with expiry.
- Multiple Environments — Create isolated environments (e.g. test, production) with independent data, API clients, and signing keys.
- Custom Domains — Use your own domain (e.g. auth.yourcompany.com) for login and OAuth flows, with automatic SSL provisioning.
- Audit Trail — Structured event logging for all key actions, including actor, targets, field-level change tracking, and metadata.
- Management Dashboard — An admin interface for managing users, roles, OAuth clients, signing keys, organizations, and more.
Core Concepts
Environments
Environments provide data isolation within your account. Every account starts with test and production environments, each with their own users, roles, OAuth clients, and signing keys. Environments are accessed via subdomain routing (e.g. acme-production.paylent.com).
OAuth Clients
OAuth clients represent applications that authenticate users through Paylent. Clients can be confidential (server-side apps with a secret) or public (browser/mobile apps). Each client is configured with redirect URIs, grant types, and token format (JWT or opaque).
Signing Keys
RSA256 signing keys are used to sign JWTs. Each environment has its own keys, with support for key rotation — generate a new primary key, then deactivate the old one.
Next Steps
- Follow the Quick Start guide to register an OAuth client and issue a token
- Learn how Authentication works
- Set up a Custom Domain for your login pages
- Explore the API Reference