🛡️ Centurion SSO

The Fastest Rust-Native Turn-Key Drop-In SSO Engine

The Centurion Guard of SSO Engines

Beta Q3 2026 Sub-ms Token Validation Single Binary Zero Runtime Dependencies

Centurion SSO is a 100% Rust-native, single-binary SSO engine delivering full OAuth 2.0 and OpenID Connect with sub-millisecond token validation. Offering second-to-none level trivial language-agnostic API connectivity — drop it into any stack with a single config file and zero CGO or runtime dependencies. Ships with GitHub and Google OAuth providers, TOTP MFA, WebAuthn scaffolding, complete audit logging, a kube-rs Kubernetes operator for automated cluster deployment, a Leptos WASM admin dashboard for browser-based management, and a Ratatui terminal CLI dashboard for headless environments. Distributed as Docker images only.

OAuth 2.0

  • Authorization Code Grant (with PKCE)
  • Refresh Token Grant
  • Client Credentials Grant
  • Token Introspection (RFC 7662)
  • Token Revocation (RFC 7009)
  • PKCE Required by Default

OpenID Connect

  • Discovery Document (/.well-known/openid-configuration)
  • ID Tokens (JWT)
  • UserInfo Endpoint
  • JWKS Endpoint
  • OIDC Connect Registration
  • Standards Compliant

Identity Providers & Security

  • GitHub OAuth Provider
  • Google OAuth Provider
  • Custom Provider Support
  • Argon2id Password Hashing
  • JWT Signing (RS256, HS256)
  • TOTP Multi-Factor Authentication
  • WebAuthn Scaffolding
  • Rate Limiting
  • CORS Support
  • Complete Audit Logging

Deployment & Tooling

  • kube-rs Kubernetes Operator (Premium Tier)
  • Leptos WASM Admin Dashboard
  • Ratatui Terminal CLI Dashboard
  • Single Binary, Single Config File
  • Docker Image Distribution
  • Kubernetes & Firecracker VMM Ready
Rust Axum OAuth 2.0 OIDC kube-rs Leptos WASM Ratatui Docker Argon2id PKCE JWT

Integration

Language-agnostic API connectivity. Drop Centurion into any Rust, Go, Python, Node.js, or Java stack. Native Rust client libraries ship with Axum middleware and generic client support.

Rust (Axum)
use centurion_client::axum::CenturionAuth;

let app = Router::new()
    .route("/protected", get(handler))
    .layer(CenturionAuth::new("http://localhost:4444"));
Rust (Generic)
use centurion_client::CenturionClient;

let client = CenturionClient::new("http://localhost:4444")?
    .with_client_id("my-app")
    .with_client_secret("secret");

let user = client.userinfo("access_token").await?;

Choose Your Plan

Docker image distribution — no source code delivered

Standard

$25/month
  • Docker image access
  • OAuth 2.0 + OIDC
  • GitHub & Google providers
  • TOTP MFA
  • Leptos WASM dashboard
  • Ratatui CLI dashboard
  • Email support
Subscribe
or $250 lifetime

Pro

$95/month
  • Everything in Standard
  • kube-rs Kubernetes Operator
  • WebAuthn support
  • Audit logging
  • Priority support
  • Slack channel access
  • Multi-node HA deployment
Subscribe
or $950 lifetime

Enterprise

Custom
  • Everything in Pro
  • Custom identity providers
  • Dedicated support engineer
  • SLA guarantees
  • On-premise deployment
  • Training & onboarding
  • Custom integrations
Contact Sales
Terms Privacy