For developers

Build features.
Not login flows.

Honin handles authentication end-to-end — OAuth 2.0, PKCE, OpenID Connect — so you ship your product, not auth infrastructure. Works with any stack. Respects your users' privacy.

Get started free Self-host honin-client gem

Why Honin

Identity infrastructure,
without the baggage.

Open standard

OAuth 2.0 + PKCE and OpenID Connect. Standard protocols mean no lock-in — integrate once with any language or framework, switch instances anytime.

Privacy by default

Users own their identity. You receive only the claims you need — no tracking data, no ad profiles, no third-party surveillance bundled into your auth layer.

Your infra or ours

Self-host on your own infrastructure with a single Dockerfile, or use the hosted honin.id instance. The integration code is identical either way.

Integration

A few lines to get started.

# Gemfile
gem "honin-client"

# config/initializers/honin.rb
HoninClient.configure do |c|
  c.issuer         = "https://honin.id"
  c.client_id      = ENV["HONIN_CLIENT_ID"]
  c.client_secret  = ENV["HONIN_CLIENT_SECRET"]
  c.redirect_uri   = "https://yourapp.com/auth/callback"
end

# config/routes.rb
mount HoninClient::Engine => "/auth"

# app/controllers/application_controller.rb
include HoninClient::Authentication
before_action :require_authentication

# Access the current user anywhere
current_identity.uid            # => "abc123xyz789"
current_identity.email          # => "alex@example.com"
current_identity.email_verified? # => true

Drop-in Rails integration

Mount the engine, add one concern to ApplicationController, and you're done. Honin handles the OAuth flow, PKCE, token verification, and session management.

honin-client gem

Open-source client library for Rails apps authenticating against any Honin instance — hosted or self-hosted.

View on Codefloe 
# 1. Redirect the user to Honin to authenticate
GET https://honin.id/oauth/authorize
  ?client_id=YOUR_CLIENT_ID
  &redirect_uri=https://yourapp.com/callback
  &response_type=code
  &code_challenge=BASE64URL(SHA256(verifier))
  &code_challenge_method=S256
  &scope=email profile
  &state=RANDOM_STATE

# 2. Exchange the code at your callback
POST https://honin.id/oauth/token
  grant_type=authorization_code
  &code=RECEIVED_CODE
  &code_verifier=PLAIN_VERIFIER
  &client_id=YOUR_CLIENT_ID

# 3. Verify the JWT and read user claims
{
  "sub":            "abc123xyz789",
  "email":          "alex@example.com",
  "email_verified": true,
  "account_type":   "standard"
}

Works with any stack

Standard OAuth 2.0 authorization code flow with PKCE. If your language has an OAuth library — and it does — you can integrate with Honin today.

RS256 signed JWTs

Tokens are signed with asymmetric keys. Fetch the public key from /oauth/.well-known/jwks.json and verify locally — no round-trips required.

PKCE required

S256 PKCE is mandatory, not optional. No implicit flow, no client credentials — just the one grant type that's actually secure.

Get started

Pick your path.

Hosted

Use honin.id —
no infra to manage

Register your application and start integrating in minutes. No servers, no maintenance, same privacy guarantees.

Get started free

Self-hosted

Run your own
Honin instance

One Dockerfile. Full control over your users' data and your infrastructure. Open-source, MIT licensed.

View honin-app