Authentication & Authorization

Adsify uses standard OIDC/OAuth2 for authentication and a hybrid RBAC + scopes model for authorization. The API is stateless — it only validates incoming JWTs.

Token Acquisition

Provider Support

Adsify is provider-agnostic — any OIDC-compliant IdP works. First-class tested configurations for:

• Keycloak (self-hosted, open source)
• Microsoft Entra ID (Azure AD)

The RoleClaimType setting accommodates different IdP claim structures. A RoleClaimTransformer normalizes claims regardless of provider.