Introducing Ahdapa
What is Ahdapa?
Ahdapa is a stateless OAuth 2.0 (RFC 6749) and OpenID Connect identity provider. The name derives from Adapa, the Mesopotamian sage whom the god Enki granted extraordinary wisdom — a mortal entrusted with divine knowledge. Fitting for a server entrusted with issuing identity tokens across your infrastructure.
It is designed for deployment in FreeIPA Kerberos environments, bridging your existing identity infrastructure to the OAuth 2.0 / OIDC ecosystem used by modern applications — with no separate user database and no external identity broker required.
Why Another OAuth2 Provider?
Existing OAuth2 providers are excellent, but we wanted something that:
- Integrates natively with FreeIPA — zero-click SSO via SPNEGO/Kerberos for domain members, with Kerberos client authentication (kerberos_client_auth) for machine-to-machine flows.
- Is truly stateless — self-contained JWTs, AES-256-GCM encrypted authorization codes and refresh tokens. No per-token server-side storage.
- Takes post-quantum seriously — ML-DSA token signing and ML-KEM-768 gossip encryption are supported today, not on a roadmap.
- Scales horizontally — built-in CRDT gossip protocol for multi-node deployments. Any node handles any request with no external coordinator.
- Covers the full RFC landscape — not just the basics, but DPoP, PAR, mTLS, token exchange, device flow, and 20+ more specifications.
Key Features
- Full OAuth 2.0 and OpenID Connect with 25+ RFCs implemented
- Zero-click Kerberos SSO via SPNEGO
- Passkey (WebAuthn) authentication
- Federated upstream IdP delegation
- Post-quantum JWT signing (ML-DSA-44/65/87)
- Horizontal scaling with CRDT gossip replication
- SPIFFE Workload API for service mesh identity
- ACME Token Authority (RFC 9447) for certificate issuance
- FreeIPA-compatible HBAC access control policies
- Self-service profile editing for users
- Admin WebUI (React 19 + PatternFly 6) and CLI (ahdapactl)
Getting Started
Check out the quickstart guide to install Ahdapa, register your first OAuth2 client, and authenticate your first user.
What’s Next
We’re actively expanding standards coverage and improving the developer experience. Follow the project on Codeberg and check back here for updates.