OAuth2 / OIDC Developer Docs

Use HODLXXI as an OAuth2 authorization server with OIDC discovery metadata.

Core flow (Authorization Code)

1. POST /oauth/register to register a client and redirect URI(s).
2. Send the user to GET /oauth/authorize with response_type=code, client_id, redirect_uri, scope, and state.
3. Exchange the returned code at POST /oauth/token for access (and refresh) tokens.

Discovery metadata

Read OIDC metadata at /.well-known/openid-configuration. Resolve signing keys at /oauth/jwks.json.

Supported core endpoints

• POST /oauth/register
• GET /oauth/authorize
• POST /oauth/token
• GET /.well-known/openid-configuration
• GET /oauth/jwks.json
• GET /oauth/clients (developer listing; access controlled)