Safire Documentation
A lean Ruby gem implementing SMART App Launch and UDAP protocols for clients.
Quick Navigation
| Section | Description |
|---|---|
| Getting Started | Install Safire and quick start guide |
| Configuration | All configuration options and parameters |
| SMART | App Launch (Public, Confidential Symmetric, Confidential Asymmetric) and Backend Services |
| UDAP | UDAP Security discovery (implemented) and planned auth flows |
| Security Guide | HTTPS, credential protection, token storage, key rotation |
| Advanced Examples | Caching, multi-server, token management, complete Rails integration |
| Troubleshooting | Common issues and solutions |
| Safire API Docs | Complete YARD documentation |
Features
SMART App Launch
- Discovery (
/.well-known/smart-configuration) - Public Client (PKCE)
- Confidential Symmetric Client (client_secret + Basic Auth)
- Confidential Asymmetric Client (private_key_jwt with RS384/ES384)
- POST-Based Authorization
- Backend Services (client_credentials grant, JWT assertion, no user interaction or PKCE)
UDAP Security (STU2)
- Discovery (
/.well-known/udap) with optional community scoping
Auth flows (DCR, JWT assertion, Tiered OAuth) are planned. See ROADMAP.md for details.
Demo Application
A Sinatra-based demo app is included to help you explore Safire’s features:
bin/demo
Visit http://localhost:4567 to test SMART discovery, authorization flows, token management, and backend services token requests.
See examples/sinatra_app/README.md for details.
Community
- GitHub Repository
- Issue Tracker
- Architecture Decision Records — design decisions and rationale
Last updated: May 17, 2026
Parts of this project were developed with AI assistance (Claude Code) and reviewed by maintainers.