# Kenni Documentation

> Kenni is an Iceland-first identity provider built on OpenID Connect and OAuth 2.0. These docs cover application setup, API scopes, framework integration guides, advanced features (delegations, consent, SSO, test users), and troubleshooting.

Last updated: 2026-05-07

## Get started

- [Overview](https://developers.kenni.is/docs.md): Kenni is an Iceland-first identity provider built on OpenID Connect and OAuth 2.0.
- [Get started](https://developers.kenni.is/docs/get-started.md): Setting up Kenni takes three quick steps in the developer portal.

## Applications

- [Applications](https://developers.kenni.is/docs/applications.md): An application (client) is the integration point between your software and Kenni.
- [Settings](https://developers.kenni.is/docs/applications/settings.md): The Settings tab on an application controls everything from its identifiers and redirect URIs to token lifetimes and feature toggles.
- [Theming](https://developers.kenni.is/docs/applications/theming.md): Theming controls how the Kenni-hosted login screen looks when users authenticate to your application.

## API scopes

- [API scopes](https://developers.kenni.is/docs/api-scopes.md): Scopes are how OAuth 2.0 and OpenID Connect express what an access token is allowed to do.
- [Standard scopes](https://developers.kenni.is/docs/api-scopes/standard.md): Kenni ships with a fixed set of identity scopes for the authenticated user, the company on whose behalf the user is acting (for delegated sessions), and the ac…

## Integration guides

- [No framework (curl)](https://developers.kenni.is/docs/guides/curl.md): Use this guide to learn the protocol, debug other integrations, or build for a language or runtime not covered elsewhere.
- [Next.js / better-auth](https://developers.kenni.is/docs/guides/better-auth.md): better-auth is the modern auth framework for the Next.js (and broader TypeScript) ecosystem.
- [React (SPA)](https://developers.kenni.is/docs/guides/react.md): For a single-page React app, react-oidc-context wraps the well-tested oidc-client-ts library and exposes a hook-based API.
- [Expo (React Native)](https://developers.kenni.is/docs/guides/expo.md): expo-auth-session is the standard OAuth/OIDC client for Expo apps.
- [Flutter](https://developers.kenni.is/docs/guides/flutter.md): flutter_appauth wraps Google's AppAuth SDKs — the canonical OAuth client for native iOS and Android.
- [Node.js / Express](https://developers.kenni.is/docs/guides/express.md): For a server-side Node app outside Next.js, openid-client is the reference OIDC library — the same one Auth.js, NextAuth, and better-auth wrap internally.
- [Java / Spring Boot](https://developers.kenni.is/docs/guides/spring-boot.md): Spring Security's OAuth 2.0 Client support handles Kenni without any custom code — point its provider config at your discovery URL and it does the rest.
- [C# / .NET MVC](https://developers.kenni.is/docs/guides/dotnet.md): ASP.NET Core's built-in OpenIdConnect handler integrates Kenni without any additional packages beyond what's in the framework.
- [Go](https://developers.kenni.is/docs/guides/go.md): The de facto Go OIDC stack is golang.org/x/oauth2 for the OAuth flow plus github.com/coreos/go-oidc/v3 for ID token verification and JWKS handling.
- [Python](https://developers.kenni.is/docs/guides/python.md): Authlib is the de facto OIDC client library for Python — works with Flask, FastAPI, Django, and standalone scripts.
- [Other frameworks](https://developers.kenni.is/docs/guides/other.md): Kenni implements OpenID Connect to spec, so any conformant client library can talk to it.

## Features

- [Scopes and claims](https://developers.kenni.is/docs/features/scopes-and-claims.md): OAuth 2.0 distinguishes the request from the response: your application asks for scopes, and Kenni delivers claims.
- [Prompts](https://developers.kenni.is/docs/features/prompts.md): The OIDC prompt parameter controls which interactions Kenni shows the user before completing the authorization request.
- [Test users](https://developers.kenni.is/docs/features/test-users.md): Test users are team-scoped accounts that sign in with a national ID and a password instead of a real electronic ID.
- [Single sign-on](https://developers.kenni.is/docs/features/single-sign-on.md): Single sign-on (SSO) lets a user authenticate once and then sign into every other application on your team without re-entering credentials.
- [Company delegations](https://developers.kenni.is/docs/features/company-delegations.md): A company delegation lets an authenticated person sign into your application as a legal entity they have authority over.
- [Custom delegations](https://developers.kenni.is/docs/features/custom-delegations.md): Where company delegations come from the national company registry, custom delegations are types your team defines for itself.
- [Consent](https://developers.kenni.is/docs/features/consent.md): Some identity scopes — displayname, email, the editable phonenumber, the user's picture — release information the user has chosen to share with Kenni.
- [Skipping passkeys](https://developers.kenni.is/docs/features/skipping-passkeys.md): After a successful first authentication, Kenni asks the user whether they'd like to register a passkey for faster future sign-ins.
- [Device code flow](https://developers.kenni.is/docs/features/device-code.md): The Device Authorization Grant (RFC 8628) lets a device that can't easily host a browser — a smart TV, a CLI, a printer's setup screen — sign a user in via a s…

## Troubleshooting

- [Common issues](https://developers.kenni.is/docs/troubleshooting.md): This page covers the errors you're most likely to hit while integrating Kenni and how to fix them.