Skip to main content

Auth that lives in your app.

Logins, sessions, magic links, phone codes, API keys, and teams. Runs in your backend. Stores everything in your own database. Yours forever.

$ npm install own-auth
$ npx own-auth migrate

Two commands. Auth is in your app.
Two commands to install Own Auth

Auth shouldn't own you.

Hosted auth platforms are easy until the price changes, migrating hurts, and someone else holds your users. DIY auth holds your weekends hostage. There's a better way.

Install. Connect. Ship.

01

Install the package.

No account. No dashboard. No signup wall.

02

Connect your database.

Add your Postgres URL, run one command.

03

Call it from your code.

Sign people up. Log them in. Done.

Works with any framework. Next.js, Express, whatever you're using. Or none at all.

Passwords

Classic sign up and sign in. Passwords stored safely, never in plain text.

Magic links

Passwordless login. You email a link, they click it, they're in. Each link works once, then expires.

Phone login (SMS OTP)

Text them a code, they type it in. Built-in protection against spam and abuse.

Sessions

How users stay signed in between visits. Stored in your database, so you can log out any device, instantly.

Organisations

Teams, workspaces, members, roles, and invites. Built in, not something you bolt on later.

API keys

Secure keys that let other apps and scripts talk to yours. Shown once, revoke anytime.

Audit logs

A record of who did what, when, and from where. Written automatically.

Rate limiting

Automatically slows down anyone hammering your login or spamming codes. Zero setup.

Boring security. The good kind.

Every password, session token, and login code is hashed, scrambled before it's stored. So even if someone got into your database, there's nothing usable to steal.

Every link and code works once, then dies. No homemade crypto. No clever tricks. Just the right defaults.

Don't want to deal with sending emails? We will.

Own Auth works completely on its own. Plug in any email provider you like.

But if you'd rather skip that setup, Own Auth Delivery is there. A managed service that sends your magic links, verification emails, password resets, and invites. Queued and retried, so nothing gets lost.

Set up Delivery →

What it does

Sends the email. That's it.

What it never does

Create users.

Verify logins.

Touch your data.

Your app creates the link. Delivery just sends it. Skip it, use it, or drop it later. Nothing breaks.

Built for how you actually build.

TypeScript-first, with clear, typed errors. No required framework. No required platform. No vendor lock-in. First login working in minutes, not days.

The core is free. Forever.

Auth, sessions, organisations, API keys, and audit logs are all open source.

Stop renting your users.

Ship real, production-ready auth today. On your terms.