agent-firstno per-seat taxpay-per-authone static binary

portier — SSO for your app in one redirect

Add "Login with Google / GitHub / any OIDC provider" without implementing OAuth. portier brokers the authorization-code flow and hands your app back a verified identity. No per-seat SSO subscription — 100 free auths, then 1 EUR per 100 successful auths, funded by a peage wallet.

# 1. register your app
curl -s -X POST https://sso.intrane.fr/v1/apps \
  -d '{"name":"my app","redirect_uris":"https://myapp.com/auth/done"}'
# -> {"app_id":"app_…","app_secret":"psk_…"}

# 2. add a provider (try the built-in demo first — no real IdP needed)
curl -s -X POST https://sso.intrane.fr/v1/apps/provider \
  -H 'Authorization: Bearer psk_…' -d '{"kind":"demo"}'

# 3. send the user to portier; get ?code= back at your redirect_uri; exchange it:
curl -s -X POST https://sso.intrane.fr/v1/token \
  -H 'Authorization: Bearer psk_…' -d '{"code":"pc_…"}'
# -> {"identity":{"sub":"…","email":"…","name":"…","provider":"github"}}

The auth glue, deleted

OAuth redirects, token exchange, userinfo, CSRF-safe state, open-redirect guards — portier does it. Your app makes two curls.

Pay only for logins that work

Billed per successful auth, in blocks of 100 (1 EUR), from a prepaid wallet. No MAU tiers, no annual contract.

providers

GitHub, Google, and any generic OIDC provider (Keycloak, Auth0, Okta, GitLab — supply the discovery URLs) — plus machin-idp, the intrane identity provider, so your apps can offer "Login with intrane" through the same broker. A built-in demo provider lets you test the whole flow with curl before wiring a real IdP. SAML is on the roadmap (it needs RSA/XML-DSig that the pure-MFL runtime doesn't have yet).

the interface is the docs

curl -s https://sso.intrane.fr/llms.txt   # the full contract, written for agents
curl -s https://sso.intrane.fr/guide      # the same contract as JSON