The Nexus Framework is a provider-agnostic, secure integration layer for managing OAuth 2.0 and OIDC connections. It abstracts away the complexity of managing tokens, refreshes, and provider quirks, allowing your agents and services to focus on business logic.
The Nexus Framework requires two primary shared secrets to operate securely:
ENCRYPTION_KEY: A 32-byte key used by the Broker to encrypt tokens at rest.STATE_KEY: A 32-byte key shared between the Broker and Gateway to sign and verify the OAuthstateparameter.
Both services will refuse to start if these variables are missing or invalid. In distributed deployments, the STATE_KEY must be identical across all Broker and Gateway instances, or OAuth callbacks will fail with "Invalid state" errors.
Generate a secure key with: openssl rand -base64 32
The fastest way to get started is with Docker Compose. This will spin up the Broker, Gateway, Postgres, and Redis.
# 1. Configure environment
cp .env.example .env
# 2. Start the stack
make up
# Or if you don't have make:
docker-compose up -d --build- Broker: http://localhost:8080
- Gateway: http://localhost:8090
- Admin API Key: Configured in
.env(Default:nexus-admin-key)
Connect your application or MCP server to Nexus using the official SDK for your language:
| Language | Package | Install |
|---|---|---|
| Go | nexus-sdk |
go get github.com/Prescott-Data/nexus-framework/nexus-sdk@latest |
| TypeScript | @dromos/nexus-sdk |
npm install @dromos/nexus-sdk |
| Python | nexus-sdk |
pip install nexus-sdk |
All SDKs provide full feature parity: connection management, token retrieval, MCP token injection, caching, retry logic, and structured errors.
- Architecture: System overview, components, and data flow.
- Deployment & Config: How to configure, build, and deploy the services.
- SDK Overview: Choose your SDK and explore the feature matrix.
- MCP Server Integration: Build MCP servers with automatic token injection.
- Agent Integration Guide: How to build agents that consume connections.
- Provider Management Guide: How to register and configure identity providers.
- API Reference: Links to OpenAPI specifications.
- Security Model: Security guardrails and hardening.
- Broker Service: Backend service details.
- Gateway Service: Frontend API service details.
- Bridge Library: Go persistent connection client.
- Go SDK: Go client SDK.
- TypeScript SDK: TypeScript/JavaScript client SDK.
- Python SDK: Python client SDK.