Skip to main content
Parako.IDParako.ID
Built on OpenID Certified Library

Parako.ID

Your auth server.

Self-hosted. Free.

Read the DocsView on GitHub
terminal
$curl -sSL https://get.parako.id | sh
Parako.ID is under active development. Not recommended for production unless you understand the current limitations.
SSO & OIDCMFA & PasskeysSocial LoginMulti-Tenant10 LocalesCustom BrandingMIT LicensedDevice Flow

What is Parako.ID?

A self-hosted OIDC/OAuth2 identity provider built on an OpenID Certified library. You own your data, your domain, your auth server.

SSO, MFA with WebAuthn passkeys, social login, and multi-tenancy out of the box — with SQLite, MongoDB, or PostgreSQL as the backing store.

Ships with a management API, CLI tools, and an admin panel. MIT licensed, free forever, no vendor lock-in.

Who is it for?

  • Startups and indie developers who want full control over authentication without paying per-user fees to a SaaS provider.
  • Engineering teams building multi-tenant platforms that need isolated auth per customer — each with its own branding, users, and OIDC configuration.
  • Any organization that requires self-hosted identity infrastructure for compliance, data sovereignty, or simply to avoid vendor lock-in.

How it works

1One command installs Parako.ID on your server. Pick SQLite for a quick start, or PostgreSQL / MongoDB for production. Bootstrap settings live in a .env file; everything else is managed through the admin panel or API — no restart needed to change configuration.
2Each tenant gets its own isolated OIDC provider instance, user pool, and branding. The platform admin panel lets you manage tenants, clients, and permissions from a single dashboard.
3Your server, your data, your domain. Parako.ID runs behind your reverse proxy, serves your login pages, and issues tokens under your authority. Nothing phones home.

Key Capabilities

SSO & OIDC

Standards-compliant OpenID Connect provider with Auth Code + PKCE, Client Credentials, Device Flow, and token-gated dynamic registration.

MFA & Passkeys

TOTP, email OTP, SMS, and WebAuthn/FIDO2 passkeys with password breach detection.

Multi-Tenant

Per-tenant data isolation, branding, and dedicated OIDC provider instances.

Social Login

Google, GitHub, Microsoft, LinkedIn, and Facebook out of the box. Per-tenant credential inheritance, PKCE on every flow, and configurable account linking.

Admin & API

Web dashboard, interactive CLI, and a RESTful management API with 30 scoped permissions.

Security First

Argon2id hashing, AES-256-GCM encryption at rest, session binding, impossible travel detection, and rate limiting.

Ready to own your auth?

Deploy Parako.ID on your server in under 5 minutes.

curl -sSL https://get.parako.id | sh
Read the Docs/View on GitHub

MIT Licensed · Built on OpenID Certified Library · Maintained by @Dahkenangnon