Authentication you don't have to rebuild for every product.
One service authenticates users across the whole product family. Add it to a new app with a few lines of configuration — no password storage, no session plumbing, no per-app auth code to maintain.
Email one-time codes
Users receive a six-digit code by email and sign in. Nothing to remember, nothing to steal. No password database to protect.
Isolated by product
Identity is scoped to (app, email). A user in one product is completely separate from
the same email in another. No accidental cross-product access.
Plain OpenID Connect
Authorization Code with PKCE and EdDSA-signed JWTs. Use any off-the-shelf OIDC library — our SDKs are just a convenience.
You decide who gets in
No open sign-up. You provision users from the dashboard, so only people you've added can ever receive a login code.
A single binary
One Go binary and a Postgres database. It runs migrations and manages its signing keys on its own. Deploy it anywhere.
Looks like your product
Each app sets its own logo, colour and login-email template, so the sign-in screen feels native to the product the user came from.
Three steps from zero to signed in.
Add your app & users
Register the product in the dashboard and add the people who should have access. Each gets an entry — there's no public sign-up.
The user signs in
Your app redirects to the hosted login page. The user enters their email, receives a code, and is sent back to your app with an authorization code.
Your app verifies the token
Exchange the code for tokens and verify the JWT locally against the published keys. You now know who the user is — securely, statelessly.