Feedback wanted: Orionis, service-to-service OAuth2 client credentials for Go/Gin

Hi,

I released Orionis v0.2.0 and would appreciate feedback from Go developers on the API shape, security model, and docs:

Orionis is a compact Go toolkit and Gin authorization server for service-to-service OAuth2 client_credentials. It issues signed JWT access tokens, exposes JWKS, caches client tokens, and includes Gin middleware for resource services.

It is intentionally scoped to machine-to-machine auth, not end-user login or a full identity-provider suite.

The README includes a three-process local demo:

  1. go run ./cmd/orionis-auth -config ./config/orionis.example.json
  2. go run ./examples/gin-billing-service
  3. go run ./examples/gin-orders-client

The demo client should get status=201 from the protected billing service.

I am especially interested in feedback on:

  • Whether the chain-first builders are idiomatic enough for Go services.
  • Whether the JWKS/token validation behavior is clear from the docs.
  • Any security or deployment concerns before this gets more usage.

Thanks.