Authentication for the Web.
Open Source. Full Stack. Own Your Data.
Auth.js is a set of open-source packages built on standard Web APIs for authentication in modern applications with any framework, on any platform, and in any JS runtime. It offers flexibility, security, and control over user authentication.
Learn more at authjs.dev.
- Works seamlessly with any OAuth service, supporting 2.0+, OIDC
- Built-in support for many popular sign-in services
- Email/Passwordless authentication
- Compatible with any backend (Active Directory, LDAP, etc.)
- Runtime-agnostic, runs anywhere! (Vercel Edge Functions, Node.js, Serverless, etc.)
- An open-source solution that keeps you in control of your data
- Built-in support for various databases like MySQL, Postgres, MongoDB, etc.
- Works seamlessly with databases from popular hosting providers
- Promotes the use of passwordless sign-in mechanisms
- Designed to be secure by default, encouraging best practices
- Utilizes CSRF Tokens on POST routes for sign in/sign out
- Default cookie policy enforces the most restrictive settings for each cookie
- Default encryption for JSON Web Tokens (JWE) using A256CBC-HS512
- Implements the latest security guidance from OWASP
Auth.js libraries prioritize type safety.
For more information, visit the TypeScript Documentation.
If you discover a vulnerability in Auth.js, please read our Security Policy to report it responsibly.
We welcome all contributions! Please read our Contributing Guide to get started.
Auth.js is licensed under the ISC License.