Lux Docs
Iam

Authentication

API keys, OAuth2, OIDC, SSO, and SAML authentication methods

Lux IAM supports multiple authentication protocols. All services authenticate through the central provider at hanzo.id.

OAuth 2.0 / OIDC

The primary method for web and mobile applications using Authorization Code + PKCE.

EndpointPurpose
/login/oauth/authorizeAuthorization
/api/login/oauth/access_tokenToken exchange
/.well-known/openid-configurationOIDC discovery
/api/userinfoUser info
/api/logoutSession logout

Token Format

Access tokens are JWTs with the owner claim identifying the organization:

{
  "sub": "user-id",
  "iss": "https://hanzo.id",
  "aud": "your-client-id",
  "owner": "org-name",
  "exp": 1700000000
}

SAML 2.0

For enterprise SSO with Okta, Azure AD, or Google Workspace.

ParameterValue
Entity IDhttps://hanzo.id/api/saml/metadata
ACS URLhttps://hanzo.id/api/saml/acs
SLO URLhttps://hanzo.id/api/saml/slo

API Keys

For machine-to-machine authentication:

curl -H "Authorization: Bearer lux_key_abc123..." \
  https://api.lux.network/v1/resource

Social Login

ProviderProtocol
GoogleOIDC
GitHubOAuth 2.0
AppleOIDC
MicrosoftOIDC

Lux IAM

Identity and access management with OAuth2, OIDC, SAML, and RBAC

Authorization

Role-based access control, permissions, and policy enforcement

On this page

OAuth 2.0 / OIDCToken FormatSAML 2.0API KeysSocial Login