Build auth once.
Keep control forever.

Auth Platform gives your team a complete identity layer: hosted OAuth login, consent screens, OAuth 2.0 + PKCE, passkeys (WebAuthn), admin MFA, RS256 JWT sessions, and real-time session revocation from one self-hosted control plane.

OAuth 2.0 + PKCE | Passkeys + MFA | RS256 + DPoP-ready | Real-time revocation | Multi-tenant apps
1. Create App
2. Set Security Policy
3. Integrate SDK
4. Monitor Activity

Designed for product teams, platform engineers, and security-conscious startups that want modern identity controls without outsourcing core auth. Own the stack, policy, and user data.

OAuth + PKCE: secure code flow by default
RS256: JWTs with optional DPoP support
WebAuthn: passkeys plus admin MFA
SSE: instant force-logout revocation

Modern auth surface.
Operational security built in.

🔒

Hosted OAuth login + consent

Ship a dedicated sign-in and consent flow where your app receives standards-based authorization codes and secure tokens.

🌐

Per-app policy controls

Configure the OAuth SSO toggle, OTP, passkeys, redirect URI allowlists, login notifications, and token/session TTL per app.

⚙️

Defense-in-depth defaults

Use rate limits, brute-force protections, HttpOnly cookies, CSRF protection, and sender-constrained token support.

🛡️

Passkeys and admin MFA

Enable WebAuthn passkeys for stronger sign-in and manage admin MFA from settings with OTP verification workflows.

Real-time session control

Force-logout users instantly with SSE revocation signals, plus optional user email notifications for security transparency.

📊

Auditability and activity visibility

Track active sessions, login history, OAuth events, and app-level activity from a single operational dashboard.

Built for product velocity and security rigor.

Product teams get smoother onboarding, security teams keep enforcement controls, and developers integrate with a small, stable SDK surface.

Layer 1

Authentication

Hosted login with email/password, OTP, and passkeys (WebAuthn), including per-application OAuth SSO enablement.

Layer 2

Authorization + consent

OAuth 2.0 Authorization Code with PKCE, redirect URI validation, and consent flows you can present, approve, and revoke safely.

Layer 3

Token and session security

RS256 JWT lifecycle, refresh handling, session stream revocation, force logout controls, and optional DPoP sender constraints.

Layer 4

Control plane and visibility

Manage apps, users, passkeys, MFA, and security settings while monitoring active sessions and global login activity.

Every flow, documented.

Auth in <5 lines.
Your users deserve it.

One tiny JS file. No npm, no bundler, no backend rewrites. Paste the prompt below into your AI editor and wire up secure login quickly.

AI Integration Prompt
# Paste into GitHub Copilot / Cursor / Claude

I have auth-sdk.js from Auth Platform (self-hosted OAuth 2.0 + PKCE).
AUTH_SERVER="https://your-auth-server.com", CLIENT_ID="app_xxxx".
Please:
1. Add <script src="auth-sdk.js"></script> to my HTML
2. Init AuthClient with AUTH_SERVER, CLIENT_ID, REDIRECT_URI=window.location.origin
3. Call auth.handleCallback() on page load
4. Show protected content if auth.isAuthenticated(), else call auth.login()
5. Add Logout → auth.logout() & auto-refresh → auth.startAutoRefresh()
6. On auth change, handle 'revoked_by_admin' to force a clean re-login UX
# Docs: https://your-auth-server.com/api/docs

Works with GitHub Copilot, Cursor, Windsurf, Claude, ChatGPT

Start from the dashboard.
Scale with confidence.

Use your own infrastructure, keep your own data, and ship identity with stronger defaults: consent, passkeys, MFA, revocation, and operational visibility.

Getting started in 4 steps
1. Create tenant: Set up your admin account and bootstrap your identity workspace.
2. Register app: Add redirect URIs and generate OAuth credentials for your client.
3. Set security policy: Configure OTP, passkeys, notifications, and token/session settings per app.
4. Integrate and launch: Wire the SDK, handle callback/revocation events, and ship with confidence.