whatisgithub

What is openauth?

anomalyco/openauth — explained in plain English

Analysis updated 2026-06-24

6,922TypeScriptAudience · developerComplexity · 3/5Setup · moderate

In one sentence

OpenAuth is a self-hosted OAuth 2.0 authentication server that handles login centrally for all your apps, supporting GitHub, Google, email/password, and PIN flows, without managing a user database itself.

Mindmap

mindmap
  root((OpenAuth))
    What it does
      Self-hosted auth server
      OAuth 2.0 standard
      Centralised login
    Login providers
      GitHub
      Google
      Email and PIN
    Deployment targets
      Cloudflare Workers
      AWS Lambda
      Node.js or Bun
    Design choices
      No user database
      Your own user lookup
      Themeable login UI
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Replace Auth0 or Clerk with a self-hosted login server that works for all your web and mobile apps from one place.

USE CASE 2

Add GitHub or Google login to your app using standard OAuth 2.0 so any OAuth-compatible client can authenticate.

USE CASE 3

Deploy a login server to Cloudflare Workers with KV as the token store and get a working login page immediately.

USE CASE 4

Enable external developers to use your platform as an identity provider so they can add 'Login with your app' to their products.

What is it built with?

TypeScriptNode.jsBunAWS LambdaCloudflare Workers

How does it compare?

anomalyco/openauthreactchartjs/react-chartjs-2latentcat/qrbtf
Stars6,9226,9266,927
LanguageTypeScriptTypeScriptTypeScript
Setup difficultymoderateeasyeasy
Complexity3/52/52/5
Audiencedeveloperdeveloperdesigner

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

Requires a key-value store (Cloudflare KV or DynamoDB) and configuration of at least one login provider before the auth server is functional.

No license information was provided in the explanation, check the repository directly before using commercially.

So what is it?

OpenAuth is an open-source authentication server that you host yourself. Authentication is the system that handles logging in: it checks who someone is and issues a token that proves their identity to the rest of your application. Most developers either build this themselves inside their app or pay for a service like Auth0 or Clerk to handle it. OpenAuth is a third option: a complete, self-hosted server that handles the login process centrally for all of your apps at once. Because it follows the OAuth 2.0 standard, any application that can work with OAuth can use it, including web apps, mobile apps, internal admin tools, and third-party clients. It supports multiple login methods through a concept called providers. You can enable login with GitHub or Google, or use built-in flows like email and password or a PIN code sent by email. You can also enable "login with your app" flows so external developers can use your platform as an identity source. One deliberate design choice is that OpenAuth does not handle user management, meaning it does not store a database of users or their profile data. Instead, when someone successfully logs in, OpenAuth calls a function you write, giving you the chance to look up or create the user in your own database. This keeps the tool focused and avoids imposing a specific database structure on you. The server can be deployed to AWS Lambda, Cloudflare Workers, or a standard Node.js or Bun environment. It needs only a minimal key-value store for data it must keep, such as refresh tokens, and there are ready-made adapters for Cloudflare KV and DynamoDB. A prebuilt, themeable login UI is included so you can have a working login page immediately without designing one yourself. OpenAuth is built by the team behind SST, a tool for managing cloud infrastructure, and SST provides ready-made components for deploying OpenAuth to AWS or Cloudflare with minimal configuration.

Copy-paste prompts

Prompt 1
Help me deploy OpenAuth to Cloudflare Workers with Cloudflare KV as the token store and GitHub as a login provider.
Prompt 2
I want OpenAuth to call my own function when a user logs in so I can look them up in my Postgres database. Show me how to wire that callback.
Prompt 3
Add an email and PIN login flow to my OpenAuth deployment so users without a GitHub or Google account can still sign in.
Prompt 4
Using the SST components for OpenAuth, deploy an auth server to AWS Lambda with DynamoDB as the key-value store.

Frequently asked questions

What is openauth?

OpenAuth is a self-hosted OAuth 2.0 authentication server that handles login centrally for all your apps, supporting GitHub, Google, email/password, and PIN flows, without managing a user database itself.

What language is openauth written in?

Mainly TypeScript. The stack also includes TypeScript, Node.js, Bun.

What license does openauth use?

No license information was provided in the explanation, check the repository directly before using commercially.

How hard is openauth to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is openauth for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.