Build on Whisp3r Auth
An identity provider for apps that want to do the right thing by their users — private by default, OIDC-compliant, no proprietary SDK.
Whisp3r Auth is a standards-compliant OpenID Connect provider with a few opinionated extras built in:
- Pairwise subject identifiers — every app sees a different
subfor the same user. Two apps can't collude to recognize a shared user. - Email relay — apps email users by user ID without ever learning the address. Revoke = emails stop.
- Universal profile sync — when a user updates their name, photo, language, or cookie preferences, every connected app gets a signed webhook within seconds.
- Per-app 2FA requirement — banking, health, and other high-assurance apps can require users to have 2FA enabled before the consent screen authorizes sign-in.
- Age verification without birthdays — the
wa:age.tiersscope returns boolean checks for 13+, 16+, 18+, 21+. The actual birthday never leaves Whisp3r Auth.
Where to start
If you've integrated OIDC before, jump to the Quickstart. You'll have a working sign-in flow in about ten minutes.
If you want the conceptual picture first, read How it works — privacy model, pairwise subs, consent UX. The protocol reference in OIDC endpoints documents the discovery doc + every endpoint.
Need help?
Email auth@whisp3r.com — these docs are the source of truth, but we read every message.