Qvisqve is an authorisation server and identity provider for web and mobile applications. Qvisqve aims to be secure, lightweight, fast, and easy to manage.

Qvisqve supports the OAuth2 client credentials grant, which is useful for authenticating and authorising automated systems, including IoT devices. Qvisqve can be integrated with any web service that can use OAuth2 and JWT tokens for access control.

Future releases will provide support for end-user authentication by implementing the OpenID Connect protocol, with a variety of authentication methods, including username/password, U2F, TOTP, and TLS client certificates. Multi-factor authentication will also be supported.

Qvisqve is released under the Affero General Public Licence.

To install, see the Ansible playbooks at http://git.qvarnlabs.net/qvarn-prov. To add a new API client, edit /etc/qvisqve/qvisqve.yaml, the clients list, and use http://git.qvarnlabs.net/qvisqve/tree/qvisqve-hash to generate the secret part of a new entry. Then restart the server.

Example client:

curl -ks --user test-client:hunter2 -X POST \
-d 'grant_type=client_credentials&scope=uapi_version_get' \
https://qvisqve.example.com/token | jq -r .access_token | jwt-decode

Qvisqve source code is available to download from our Git repository at http://git.qvarnlabs.net/qvisqve/, for more details see download page.

For help, please use the qvarn-devel@lists.qvarnlabs.com mailing list.