Invite code service with OpenID Provider interface for SIROS ID.

• Tenant-scoped invite code management
• Email address and email domain matching
• Cryptographically generated invite codes
• OpenID Provider compatible with wallet-frontend OIDC gate
• Dynamic client registration
• JWT-protected management API
• Admin token protected admin API
• Periodic cleanup of expired/consumed invites
• Memory and MongoDB storage backends

make build
./bin/server --config configs/config.yaml

• POST /api/v1/invites - Create an invite
• GET /api/v1/invites - List invites
• GET /api/v1/invites/:id - Get invite
• PUT /api/v1/invites/:id - Update invite
• DELETE /api/v1/invites/:id - Delete invite

Same routes under /admin/invites on port 8081.

• GET /:tenant/.well-known/openid-configuration - Discovery
• GET /:tenant/.well-known/jwks.json - JSON Web Key Set
• POST /:tenant/register - Dynamic client registration
• GET /:tenant/authorize - Authorization endpoint
• POST /:tenant/token - Token endpoint

• GET /admin/status - Liveness probe
• GET /admin/readyz - Kubernetes readiness probe
• GET /metrics - Prometheus metrics

See configs/config.yaml for all options. Environment variables with INVITE_ prefix override YAML values. See configs/config.production.yaml for a production-hardened example.

# Development with MongoDB
docker compose up

# Build image only
make docker-build

The image uses a distroless base with a non-root user (UID 65532).

make tools      # Install golangci-lint, goimports, govulncheck
make test       # Run tests
make lint       # Run linter
make fmt        # Format code

BSD 2-Clause