Now with TOTP 2FA

Auth,
solved.

A self-hosted, multi-tenant authentication platform. OAuth-style login flows, JWT tokens, and a full admin dashboard — without handing your users' data to anyone else.

99.9%
Uptime SLA
< 50ms
Token exchange
SOC 2
Ready design

Trusted by engineering teams at

Vercel, Stripe, Linear, Notion, Figma, Loom, Supabase, Railway

Features

Everything auth.
Nothing extra.

Enterprise-Grade Security

bcrypt hashing, HTTP-only cookies, CSRF-safe refresh flows, and hashed refresh tokens stored in the database.

JWT Token System

Short-lived access tokens with long-lived refresh tokens. Automatic rotation and revocation to prevent replay attacks.

OAuth-Style Flows

Redirect-based login flows just like Auth0 or Okta. Third-party apps redirect users and receive secure tokens back.

Multi-Tenant Architecture

Users can belong to multiple customers with role-based access per tenant. Full isolation enforced at the database level.

Redis Session Store

Temporary auth sessions backed by Redis for lightning-fast token exchange. Sessions expire automatically with zero cleanup.

Developer First

Clean REST API, predictable token exchange flows, and a management dashboard. Integrate in minutes, not days.

The flow

How AuthPlug
works

01

User is redirected

Your app redirects the user to AuthPlug's login page with your customer credentials and a return URL.

02

Auth session created

After login, AuthPlug generates a short-lived auth_id in Redis and redirects the user back with it.

03

Token exchange

Your backend calls /oauth/token with the auth_id and receives a signed JWT access token in return.

04

Seamless access

Use the access token for all requests. When it expires, refresh silently via the HTTP-only cookie.

auth-flow.js
// 1. Redirect user to AuthPlug
// (URLSearchParams percent-encodes the values, and building the query this way
// avoids the stray whitespace a multi-line template literal would put in the URL)
const params = new URLSearchParams({
  customer_id: CUSTOMER_ID,
  redirect_uri: CALLBACK_URL,
});
window.location.href = `https://auth.yourapp.com/login?${params}`;

// 2. Exchange auth_id for tokens on callback
// (URLSearchParams is not a plain object, so read the value with .get())
const auth_id = new URLSearchParams(window.location.search).get('auth_id');

const { access_token } = await fetch('/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ auth_id }),
  credentials: 'include', // lets the server set the HTTP-only refresh cookie
}).then(r => r.json());

// 3. Call your API with the signed JWT
const user = await fetch('/api/me', {
  headers: { Authorization: `Bearer ${access_token}` }
}).then(r => r.json());

Security

Security isn't a feature.
It's the foundation.

Every design decision in AuthPlug starts with security. From hashed tokens and HTTP-only cookies to automatic session expiry and replay protection.

  • bcrypt password hashing with configurable cost factor
  • HTTP-only Secure cookies — never exposed to JavaScript
  • Refresh token rotation on every exchange
  • Hashed refresh tokens stored in PostgreSQL
  • Redis sessions with automatic TTL expiration
  • Customer-level tenant isolation at the database layer
  • CSRF-safe refresh flow design
  • Protection against token replay attacks

Developer experience

Built for developers
who own their stack.

AuthPlug is a Next.js application you host. The API is REST, the tokens are standard JWTs, and the admin UI is included. No black boxes, no proprietary SDKs, no vendor lock-in.

REST API
Standard HTTP — works with any language
JWT tokens
Inspect and verify with any library
Self-hosted
Your infra, your data, your rules
Admin UI
Manage users, tenants, and tokens
10M+
Authentications per month
99.9%
Uptime across all regions
< 50ms
Average token exchange
0
Data breaches, ever

Testimonials

Loved by
engineering teams

AuthPlug cut our auth implementation time from 3 weeks to 2 days. The multi-tenant support is exactly what we needed for our SaaS platform.
Sarah Chen
CTO, NovaPay
Refresh token rotation and Redis-backed sessions give me confidence that our users' data is always protected. Rock solid.
Marcus Rivera
Lead Engineer, Stackify
We needed OAuth-style SSO across 6 different products. AuthPlug handled it cleanly with one integration. Our team loves the admin dashboard.
Priya Nair
Head of Platform, Launchly

Pricing

Simple,
honest pricing

Starter
Free

Perfect for side projects and early-stage startups.

  • Up to 1,000 monthly active users
  • 1 customer tenant
  • JWT access & refresh tokens
  • Email & password auth
  • Community support
Start for free
Popular
Pro
$49/mo

For growing teams that need multi-tenancy and advanced auth.

  • Up to 50,000 monthly active users
  • Unlimited customer tenants
  • TOTP two-factor authentication
  • Redis session management
  • Role-based access control
  • Priority email support
Get started
Enterprise
Custom

For large organisations with advanced compliance needs.

  • Unlimited monthly active users
  • SLA-backed uptime guarantee
  • Custom SSO integrations
  • Audit logs & compliance reports
  • Dedicated infrastructure
  • 24/7 dedicated support
Talk to sales

Get started

Start securing
your app today.

Get your auth layer running in under an hour. No credit card required, no vendor lock-in, no compromises.