Modern, open source, web app authentication.


AuthN manages a database of user accounts with sign-in credentials and related attributes.

Your application frontend relies on AuthN for creating accounts, logging in, forgotten passwords, and session maintenance.

Your backend relies on AuthN for account moderation actions like locking, unlocking, archiving, and forcing password changes.


A service architecture is the right architecture for your sensitive authentication logic and password data.

Traditional libraries merge into your application's ever-expanding security perimeter. Any vulnerability you or your dependencies introduce with an unrelated change is a potential vector for compromised accounts.

AuthN is fast, stable, and secure, no matter your platform.


Usernames & Passwords
Classic signup, login, and logout. Secure, hardened, and isolated.
Business Metrics
Track your active accounts by day, week, and month. See your application's usage and adoption rates!
Sessions for Apps and APIs
Session tokens may be sent with cookies or headers.
Single Sign-On
Sessions may transfer across authorized domains.
Password Complexity Validations
One simple setting — 0 to 5 — controls how complex passwords must be. Based on real-world attack patterns.
Password Reset Tokens
Securely generate, validate, and expire password reset tokens.
Account Archival
Delete personal information from archived accounts.
Account Locking
Prevents an account from logging in without permanently archiving it.
Forced Password Changes
Require an account to reset their password before logging in, for any reason.
Revokable Sessions
Don't just delete session cookies, revoke them permanently.
Session Timeouts
Sessions may expire after inactivity.
Expiring Sessions
Sessions may expire after a hard cut-off.


Standalone Service

Remove complexity and responsibility from your application.

Password Vault

Isolate sensitive data with a split database architecture.

Open Source

Free and transparent. No security through obscurity.


Platform agnostic with no vendor lock-in.

Getting Started

1. Run the AuthN service

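Run it locally with Docker. The SQLite database and secret key below are demo values for local testing, and the container is removed when it exits: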

docker run -it --rm \
  --publish 8080:3000 \
  -e AUTHN_URL=localhost:8080 \
  -e APP_DOMAINS=localhost \
  -e DATABASE_URL=sqlite3:db/demo.sqlite3 \
  -e SECRET_KEY_BASE='my-authn-test-secret' \
  --name authn_app \
  keratin/authn-server:latest \
  sh -c "./authn migrate && ./authn server"

You can now verify it's running by opening http://localhost:8080/health in your browser.

2. Add backend & frontend clients

AuthN integrates with both your backend and your frontend.

Ruby Go