
Package overview

Vestibule is split by responsibility: core flow, transport middleware, and provider strategy packages.

Core

vestibule

Core types, two-phase OAuth2 flow, PKCE, CSRF state, token refresh, OIDC discovery, and shared state store.


Middleware packages

Choose by your server routing layer.

Provider strategies

Provider packages normalize profile data while preserving provider-specific security behavior.

Provider package comparison
| Package | Default scopes | Important behavior |
| --- | --- | --- |
| vestibule_github | user:email | Requests user:email by default. |
| vestibule_google | openid email profile | UserInfo.email is only populated when email_verified is true. |
| vestibule_microsoft | User.Read by default; tenant validation also requests openid. | The default strategy uses /common and performs no tenant validation. |
| vestibule_apple | name email | init initializes the JWKS cache used to verify Apple ID tokens. |