docs / getting-started / introduction
Introduction
What Ouro Pass is, and the design principle underneath it.
Ouro Pass turns on-chain stake — pool membership and active delegation — into OAuth logins and multi-channel memberships. A wallet proves control via a CIP-30 signature; the issuer mints a short-lived, JWKS-verifiable JWT and computes the holder’s tier from live on-chain facts.
Everything ships as one Go binary (API + admin console + background workers) exposing four auth-independent planes:
- Wallet primitives — challenge issuance and CIP-30 COSE verification.
- Issuance — OAuth 2.0 flows that mint staking-identity tokens.
- Verifier — JWKS publication, introspection, revocation.
- Admin — the embedded console at
/admin, plus Telegram and scheduler workers.
Design principle — the service holds only its own issuer signing key and bot tokens. User, cold, owner, payment, KES, and VRF keys never enter it.
Found an issue in these docs? Edit this page on GitHub ↗