anomalyco/openauth

Description: ▦ Universal, standards-based auth provider.

View on GitHub ↗Jump to charts ↓

Summary Information

Updated 1 hour ago
Added to GitGenius on March 3rd, 2026
Created on November 12th, 2024
Open Issues & Pull Requests: 147 (+0)
Number of forks: 287
Total Stargazers: 7,169 (+5)
Total Subscribers: 23 (+0)

Issue Activity (beta)

Open issues: 100
New in 7 days: 0
Closed in 7 days: 0
Avg open age: 299 days
Stale 30+ days: 99
Stale 90+ days: 84

Recent activity

Opened in 7 days: 0
Closed in 7 days: 0
Comments in 7 days: 0
Events in 7 days: 0

Top labels

No label distribution available yet.

Most active issues this week

No issue events were indexed in the last 7 days.

Repository Insights (GitGenius)

Median issue/PR response: 17.6 hours
Mean response time: 9.2 days
90th percentile: 24.6 days
Tracked items: 144

Most active contributors

Detailed Description

OpenAuth is a standards-based authentication provider written in TypeScript that enables centralized identity management for web applications, mobile apps, single-page applications, APIs, and third-party clients. Currently in beta, it is available as an npm package and documented at openauth.js.org. The project is maintained by the creators of SST, an infrastructure management tool, and shares contributors with related projects including activepieces and autogpt.

The core philosophy of OpenAuth distinguishes it from existing authentication solutions. Rather than being a library embedded within a single application or a SaaS-only service like Auth0 or Clerk, OpenAuth functions as a self-hosted centralized authentication server. This approach allows organizations to run their own authentication infrastructure while maintaining compatibility with OAuth 2.0 specifications, meaning any OAuth-compatible client can authenticate through it. The system can serve all of an organization's applications simultaneously, from web and mobile apps to internal admin tools.

OpenAuth implements OAuth 2.0 flows by delegating to configured identity providers during authorization. These providers can be third-party services like Google or GitHub, or built-in flows such as email and password authentication or PIN-based access. The architecture intentionally avoids solving user management, recognizing that database requirements vary widely across the JavaScript ecosystem. Instead, OpenAuth invokes a callback after user identification, allowing developers to implement custom user lookup and creation logic suited to their specific infrastructure.

The system maintains minimal state despite being a centralized server, storing only essential data like refresh tokens and password hashes in a simple key-value store. Multiple storage implementations are supported, including Cloudflare KV and DynamoDB for zero-overhead deployments. The architecture is built on Hono, a minimal web framework capable of running on Node.js, Bun, AWS Lambda, or Cloudflare Workers, providing flexibility in deployment options.

OpenAuth includes a themeable user interface that developers can use immediately without custom design work, or they can customize by copying and modifying the default implementation. The system uses JWT-based access tokens containing subject data defined through validation schemas, with support for multiple subject types to accommodate different user categories. Configuration requires defining providers, subjects, storage mechanisms, and success callbacks that handle the authentication flow completion.

According to GitGenius activity tracking, the repository has processed 144 issues and pull requests with a median response latency of 17.6 hours, indicating active maintenance. The primary contributor thdxr has logged 206 events, with additional significant contributions from barziahmed and tunnckoCore. The project is classified across multiple security and authentication domains including claims-based access control, token security, and extensible framework architecture.

The repository includes code examples for rapid implementation and integrates with SST components for simplified deployment to AWS and Cloudflare infrastructure. Both server-side rendered sites using authorization code flow and client-side applications using PKCE-protected token flow are supported, with token verification capabilities for API servers. The implementation is fully type-safe, with provider configuration automatically determining the shape of authentication payloads received by callbacks.

openauth
by
anomalycoanomalyco/openauth

Repository Details

Fetching additional details & charts...