Modern, open source, web app authentication.


AuthN manages a database of user accounts with sign-in credentials like passwords and OAuth identities.

Your application's frontend relies on AuthN for creating accounts, logging in, forgotten passwords, and session maintenance.

Your application's backend relies on AuthN for account moderation actions like locking, unlocking, archiving, and forcing password changes.


Service architecture is the safest architecture for your sensitive password data and authentication logic.

Traditional libraries live inside your application's ever-growing security perimeter. Any vulnerability you or your dependencies introduce with an unrelated change is a potential vector for compromised accounts.

AuthN is fast, stable, and secure, no matter your platform.


Usernames & Passwords
Classic signup, login, and logout. Secure, hardened, and isolated.
OAuth Logins
Integrate with login providers such as Facebook, Google, and GitHub.
Passwordless Logins
Log your users in with a simple emailed link.
Business Metrics
Track your active accounts by day, week, and month. See your application's usage and adoption rates!
Sessions for Apps and APIs
Session tokens may be sent with cookies or headers.
Single Sign-On
Sessions may transfer across authorized domains.
Password Reset Tokens
Securely generate, validate, and expire password reset tokens.
Forced Password Changes
Require an account to reset their password before logging in, for any reason.
Account Archival
Delete personal information from archived accounts.
Account Locking
Prevents an account from logging in without permanently archiving it.
Revokable Sessions
Don't just delete session cookies, revoke them permanently.
Session Timeouts
Sessions may expire after inactivity.
Expiring Sessions
Sessions may expire after a hard cut-off.
Password Complexity Validations
One simple setting — 0 to 5 — controls how complex passwords must be. Based on real-world attack patterns.


Standalone Service

Remove complexity and responsibility from your application.

Password Vault

Isolate sensitive data with a split database architecture.

Open Source

Free and transparent. No security through obscurity.


Platform agnostic with no vendor lock-in.

Getting Started

1. Run the AuthN service

Run it locally with Docker:

docker run -it --rm \
  --publish 8080:3000 \
  -e AUTHN_URL=localhost:8080 \
  -e APP_DOMAINS=localhost \
  -e DATABASE_URL=sqlite3://:memory:?mode=memory\&cache=shared \
  -e SECRET_KEY_BASE='my-authn-test-secret' \
  --name authn_app \
  keratin/authn-server:latest \
  sh -c "./authn migrate && ./authn server"

You can now verify it's running by opening http://localhost:8080/health in your browser.

2. Add backend & frontend clients

AuthN integrates with both your backend and your frontend.

Ruby Go