01
Install the package.
No account. No dashboard. No signup wall.
Logins, sessions, magic links, phone codes, API keys, and teams. Runs in your backend. Stores everything in your own database. Yours forever.
$ npm install own-auth
$ npx own-auth migrate
Two commands. Auth is in your app.Hosted auth platforms are easy until the price changes, migrating hurts, and someone else holds your users. DIY auth holds your weekends hostage. There's a better way.
01
Install the package.
No account. No dashboard. No signup wall.
02
Connect your database.
Add your Postgres URL, run one command.
03
Call it from your code.
Sign people up. Log them in. Done.
Works with any framework. Next.js, Express, whatever you're using. Or none at all.
Classic sign up and sign in. Passwords stored safely, never in plain text.
Passwordless login. You email a link, they click it, they're in. Each link works once, then expires.
Text them a code, they type it in. Built-in protection against spam and abuse.
How users stay signed in between visits. Stored in your database, so you can log out any device, instantly.
Teams, workspaces, members, roles, and invites. Built in, not something you bolt on later.
Secure keys that let other apps and scripts talk to yours. Shown once, revoke anytime.
A record of who did what, when, and from where. Written automatically.
Automatically slows down anyone hammering your login or spamming codes. Zero setup.
Every password, session token, and login code is hashed, scrambled before it's stored. So even if someone got into your database, there's nothing usable to steal.
Every link and code works once, then dies. No homemade crypto. No clever tricks. Just the right defaults.
Own Auth works completely on its own. Plug in any email provider you like.
But if you'd rather skip that setup, Own Auth Delivery is there. A managed service that sends your magic links, verification emails, password resets, and invites. Queued and retried, so nothing gets lost.
What it does
Sends the email. That's it.
What it never does
Create users.
Verify logins.
Touch your data.
Your app creates the link. Delivery just sends it. Skip it, use it, or drop it later. Nothing breaks.
TypeScript-first, with clear, typed errors. No required framework. No required platform. No vendor lock-in. First login working in minutes, not days.
Auth, sessions, organisations, API keys, and audit logs are all open source.