The Nexus Framework is a provider-agnostic, secure integration layer for managing OAuth 2.0 and OIDC connections. It abstracts away the complexity of managing tokens, refreshes, and provider quirks, allowing your agents and services to focus on business logic.
The Nexus Framework requires two primary shared secrets to operate securely:
ENCRYPTION_KEY: A 32-byte key used by the Broker to encrypt tokens at rest.STATE_KEY: A 32-byte key shared between the Broker and Gateway to sign and verify the OAuthstateparameter.
Both services will refuse to start if these variables are missing or invalid. In distributed deployments, the STATE_KEY must be identical across all Broker and Gateway instances, or OAuth callbacks will fail with "Invalid state" errors.
Generate a secure key with: openssl rand -base64 32
The fastest way to get started is with Docker Compose. This will spin up the Broker, Gateway, Postgres, and Redis.
# 1. Configure environment
cp .env.example .env
# 2. Start the stack
make up
# Or if you don't have make:
docker-compose up -d --build- Broker: http://localhost:8080
- Gateway: http://localhost:8090
- Admin API Key: Configured in
.env(Default:nexus-admin-key)
- Architecture: System overview, components, and data flow.
- Deployment & Config: How to configure, build, and deploy the services.
- Agent Integration Guide: How to build agents that consume connections (including the Go Bridge).
- Provider Management Guide: How to register and configure identity providers (OAuth2, API Keys).
- API Reference: Links to OpenAPI specifications.
- Security Model: Security guardrails and hardening.
- Technical Debt & Roadmap: Known issues and future plans.
- Broker Service: Backend service details.
- Gateway Service: Frontend API service details.
- Bridge Library: Go client library details.