← All BaaS products
Authorization Server Beta

Identity.Server

Kanject.Identity.Server

A Cognito-backed authorization server — fine-grained permissions and roles on top of your Cognito user pool, with token issue/validate helpers and a permission-sync pipeline, deployed natively on AWS.

PERMISSION MODEL · groups × module permissions
Admin
orders.readorders.writereports.read
Manager
orders.readorders.writereports.read
Viewer
orders.readreports.read
SYNCgroup-permissions → DynamoDB200
GET/admin/reports · Bearer tokenvalidated
AUTHZUseServerlessAuthorization200 · allowed
5
CAPABILITIES
YOUR ACCOUNT
NATIVE C#
DOCKER NATIVE

Fine-grained authorization on top of Cognito.

01

Permission & role model

System modules and group permissions your services enforce.

02

Cognito token helpers

Issue and validate tokens against your Cognito user pool.

03

Authorization pipeline

UseServerlessAuthorization() wires permission checks into requests.

04

Permission sync

Authorization state synced to DynamoDB for fast lookups.

05

Pairs with Identity

Builds on the same Cognito surface as Kanject.Identity.

Docker native

Built in .NET.
Spoken in every language.

Every Identity.Server module ships as both a NuGet package and an official Docker image — runs on ECS, EKS, Fargate, App Runner, or your laptop. Call its HTTP/gRPC API from Python, Go, Node, Java, Rust, or anything else that speaks the wire.

  • Multi-arch images: amd64 + arm64 from the same tag
  • OpenAPI + gRPC reflection enabled out of the box
  • Same configuration surface — env vars, Parameter Store, file
$ docker pull kanject/identity.server:latest
One NuGet install. Zero glue code.

Kanject.Identity.Server ships into your AWS, registers itself with one line in Program.cs, and exposes a typed API the rest of your service can use immediately.

Read the deployment guide →
Private beta

Want in early?

Identity.Server is in private beta. Tell us what you'd build with it and we'll bring you in as places open — and you'll help shape it before general availability. No purchase, no sales call.

No spam, no marketing list — just beta access and release notes.
Unsubscribe with one click from any email we send.
Your address never leaves Kanject — see our privacy policy.