Use cases
Each card below maps to a runnable example under examples/ in the source repo. Examples build behind the example build tag so they don't bloat your go.sum or get pulled into go test ./...:
sh
go run -tags example ./examples/01-minimalIndex
Every example folder maps to one of the use-case pages below.
Bootstrap & wiring
| Use case | Example | Page |
|---|---|---|
| Smallest possible OP | 01-minimal | Minimal OP |
| Comprehensive bundle (every option a typical embedder uses) | 02-bundle | Comprehensive bundle |
Profile & flow
| Use case | Example | Page |
|---|---|---|
| FAPI 2.0 Baseline (PAR + JAR + DPoP) | 03-fapi2, 50-fapi-tls-jwks | FAPI 2.0 Baseline |
| Service-to-service tokens | 05-client-credentials | client_credentials |
| Plain OAuth 2.0 alongside OIDC | 15-oauth2-only | OAuth 2.0 (no openid) |
| DPoP server nonce flow | 51-dpop-nonce | DPoP nonce flow |
UI
| Use case | Example | Page |
|---|---|---|
| Drive UI from a SPA | 04-custom-interaction + 10-react-login | SPA / custom interaction |
| Custom HTML consent page | 11-custom-consent-ui | Custom consent UI |
Multi-account chooser (prompt=select_account) | 13-multi-account | Multi-account chooser |
| Cross-origin SPA (CORS) | 14-cors-spa | CORS for SPA |
| Locale negotiation | 16-i18n-locale | i18n / locale |
Storage
| Use case | Example | Page |
|---|---|---|
| Persist on a real database | 06-sql-store, 07-mysql-store | Persistent storage (SQL) |
| Hot/cold split (Redis volatile) | 08-composite-hot-cold, 09-redis-volatile | Hot/cold + Redis |
Scopes & claims
| Use case | Example | Page |
|---|---|---|
| Public / internal scope split | 12-scopes-public-private | Public / internal scopes |
| OIDC §5.5 claims request parameter | 17-claims-request | Claims request |
Authentication
| Use case | Example | Page |
|---|---|---|
| MFA, captcha, step-up | 20, 21, 22, 23 | MFA / step-up |
Governance
| Use case | Example | Page |
|---|---|---|
| First-party consent skip | 40-first-party-skip-consent | First-party consent skip |
| Dynamic Client Registration (RFC 7591) | 41-dynamic-registration | Dynamic Client Registration |
| Back-Channel Logout 1.0 | 42-back-channel-logout | Back-Channel Logout |
Operations
| Use case | Example | Page |
|---|---|---|
| Prometheus metrics | 52-prometheus-metrics | Prometheus metrics |
Numeric inventory
The example folders are grouped by topic, not by chronology:
| Band | Topic |
|---|---|
| 00–09 | bootstrap, grant variants, storage adapters |
| 10–19 | UI, scopes, SPA, locale, claims request, CORS |
| 20–29 | MFA and authentication rules (TOTP / risk / captcha / step-up) |
| 30–39 | identity federation (reserved — v1.x) |
| 40–49 | governance: first-party, DCR, back-channel logout |
| 50–59 | operations: FAPI helpers, metrics, tracing, DPoP nonce |
| 60–69 | compliance (reserved — v1.x late) |
(Reserved bands are placeholders for in-flight or v1.x work; the README in the source repo is the authoritative inventory.)