portier — SSO for your app in one redirect
Add "Login with Google / GitHub / any OIDC provider" without implementing OAuth. portier brokers the authorization-code flow and hands your app back a verified identity. No per-seat SSO subscription — 100 free auths, then 1 EUR per 100 successful auths, funded by a peage wallet.
# 1. register your app
curl -s -X POST https://sso.intrane.fr/v1/apps \
-d '{"name":"my app","redirect_uris":"https://myapp.com/auth/done"}'
# -> {"app_id":"app_…","app_secret":"psk_…"}
# 2. add a provider (try the built-in demo first — no real IdP needed)
curl -s -X POST https://sso.intrane.fr/v1/apps/provider \
-H 'Authorization: Bearer psk_…' -d '{"kind":"demo"}'
# 3. send the user to portier; get ?code= back at your redirect_uri; exchange it:
curl -s -X POST https://sso.intrane.fr/v1/token \
-H 'Authorization: Bearer psk_…' -d '{"code":"pc_…"}'
# -> {"identity":{"sub":"…","email":"…","name":"…","provider":"github"}}
The auth glue, deleted
OAuth redirects, token exchange, userinfo, CSRF-safe state, open-redirect guards — portier does it. Your app makes two curls.
Pay only for logins that work
Billed per successful auth, in blocks of 100 (1 EUR), from a prepaid wallet. No MAU tiers, no annual contract.
providers
GitHub, Google, and any generic OIDC provider (Keycloak, Auth0, Okta, GitLab — supply the discovery URLs) — plus machin-idp, the intrane identity provider, so your apps can offer "Login with intrane" through the same broker. A built-in demo provider lets you test the whole flow with curl before wiring a real IdP. SAML is on the roadmap (it needs RSA/XML-DSig that the pure-MFL runtime doesn't have yet).
the interface is the docs
curl -s https://sso.intrane.fr/llms.txt # the full contract, written for agents curl -s https://sso.intrane.fr/guide # the same contract as JSON