Auth Infrastructure for Modern Apps
Self-hosted IAM with OAuth 2.0, OpenID Connect, SAML 2.0, MFA, WebAuthn, and SDKs for every platform. Deploy in 30 seconds. ~150MB RAM. Zero vendor lock-in.
Everything you need to secure your stack
Enterprise-grade IAM with 48+ modules, 7 SDKs, and zero vendor lock-in. Self-hosted, open-source, and ready in seconds.
OAuth 2.0 & OpenID Connect
Full OAuth 2.0 with PKCE, Authorization Code, Client Credentials, Device Authorization (RFC 8628), and Refresh Token grants. OIDC Core 1.0 with discovery, backchannel logout, and session management.
SAML 2.0
Full Identity Provider and Service Provider modes. Issue SAML assertions, broker external SAML IdPs, metadata exchange, and assertion signing for enterprise SSO.
Multi-Factor Authentication
TOTP-based MFA with Google Authenticator, Authy, and Microsoft Authenticator. Recovery codes, brute force protection with configurable lockout thresholds.
WebAuthn & Passwordless
FIDO2/WebAuthn support for passwordless authentication. Hardware security keys, biometric login with Face ID and fingerprint on supported devices.
Step-Up Authentication
Progressive authentication requiring higher assurance (ACR levels) for sensitive operations. Configurable step-up duration and re-authentication flows.
Multi-Tenant Realms
Isolated tenants with independent users, clients, roles, groups, signing keys, themes, and configurations. Perfect for SaaS platforms needing tenant isolation.
B2B Organizations
Team and organization management for B2B multi-tenancy. Org-level roles, member invitations, and hierarchical structures for enterprise SaaS.
Federation & Social Login
LDAP/Active Directory sync with on-demand or scheduled import. Broker external OIDC and SAML identity providers — Google, GitHub, Azure AD, or any compliant IdP.
AI-Powered Risk Assessment
Intelligent risk scoring for login attempts with adaptive authentication. Detect anomalous behavior, flag suspicious patterns, and dynamically adjust security levels.
7 Official SDKs
First-class SDKs for TypeScript, React, Next.js, Angular, Vue, iOS (Swift), and Android (Kotlin). Plus a CLI tool for server management. 5 lines to authenticate.
Plugin System
Extensible plugin architecture with custom event listeners, token enrichment, and authentication flow customization. Build exactly the auth logic you need.
Admin Console
Full-featured React dashboard for managing realms, users, clients, roles, groups, sessions, events, and more. Real-time data with a modern, responsive UI.
Production Ready
Prometheus metrics, health checks, structured JSON logging (Pino), rate limiting (global + per-realm + per-user), and Helmet security headers. Ready for day one.
Scalable Infrastructure
Fully stateless design for horizontal scaling. Docker and Kubernetes-ready with Helm charts. Optional Redis for session storage and caching. Multi-database support.
Webhooks & Audit Logs
Event-driven webhook system with AES-256-GCM encryption and retry logic. Comprehensive login event and admin action audit trail for compliance.
7 SDKs for every platform
First-class SDKs for web, mobile, and server. OAuth 2.0 + PKCE, automatic token refresh, and platform-native features like biometrics. Install and authenticate in 5 lines.
authme-sdk: Zero-dependency, ~5KB gzipped
@authme/react: Hooks: useAuth, useUser, ProtectedRoute
@authme/nextjs: Middleware, Server Components, API routes
@authme/angular: AuthService, route guards, HTTP interceptor
@authme/vue: Composables, plugin, router guard
AuthmeSDK (SPM): Keychain storage, Face ID / Touch ID
authme-android (Gradle): EncryptedPrefs, BiometricPrompt
npm install authme-sdk

import { AuthmeClient } from 'authme-sdk';

// Point the client at the AuthMe server, realm, and registered client.
const authme = new AuthmeClient({
  url: 'https://auth.example.com',
  realm: 'my-realm',
  clientId: 'my-app',
  redirectUri: 'http://localhost:5173/callback',
  refreshStrategy: 'rotation',
});

// Initialize the client, then start the login flow if there is no authenticated session.
await authme.init();
if (!authme.isAuthenticated()) {
  await authme.login();
}

// Read the signed-in user's profile.
const user = authme.getUserInfo();
console.log(user.name, user.email);

Built on proven technology
A modular, layered architecture with 48+ NestJS modules. Fully stateless for horizontal scaling.
Client Applications
Your apps connect via SDKs using OAuth 2.0 PKCE flows
Protocol Layer
Standards-compliant endpoints handling all auth protocols
Auth Engine
Core authentication logic with multi-factor and risk assessment
Identity Core
48+ NestJS modules managing identity resources and policies
Operations Layer
Observability, events, and integration hooks
Data & Infrastructure
Persistent storage, caching, and external integrations
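The Client Applications layer above connects through OAuth 2.0 PKCE flows. The following added example (not AuthMe or authme-sdk code) shows the S256 check such a flow relies on, per RFC 7636; the in-memory `authorize`/`redeem` pair is a hypothetical stand-in for an authorization server, and all function names are assumptions.

```javascript
// Added example: PKCE (RFC 7636) with the S256 method, client and server sides.
const crypto = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// Client: a fresh high-entropy verifier per authorization request
// (32 random bytes encode to 43 base64url characters).
function newVerifier() {
  return b64url(crypto.randomBytes(32));
}

// Client: only this challenge travels in the authorization request;
// the verifier stays with the client until the token request.
function challengeFor(verifier) {
  return b64url(crypto.createHash('sha256').update(verifier, 'ascii').digest());
}

// Server: recompute the challenge from the presented verifier and compare
// in constant time. Anything other than S256 is refused, so a client
// cannot be downgraded to the "plain" method.
function verifyPkce(storedChallenge, method, presentedVerifier) {
  if (method !== 'S256') return false;
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(presentedVerifier || '')) return false;
  const expected = Buffer.from(challengeFor(presentedVerifier));
  const stored = Buffer.from(String(storedChallenge));
  return expected.length === stored.length &&
    crypto.timingSafeEqual(expected, stored);
}

// Hypothetical server state: authorization code -> challenge, single use.
const issued = new Map();

function authorize(challenge, method) {
  const code = b64url(crypto.randomBytes(16));
  issued.set(code, { challenge, method });
  return code;
}

function redeem(code, verifier) {
  const entry = issued.get(code);
  issued.delete(code); // the code is consumed even when verification fails
  return !!entry && verifyPkce(entry.challenge, entry.method, verifier);
}
```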
AuthMe vs. The Rest
See how AuthMe stacks up against the most popular identity solutions — self-hosted and cloud.
| Feature | AuthMe (Recommended) | Keycloak | Auth0 | Clerk | SuperTokens |
|---|---|---|---|---|---|
| Deployment | |||||
| Self-Hosted | |||||
| Open Source | |||||
| Docker One-Liner | |||||
| Kubernetes / Helm | |||||
| Horizontal Scaling | |||||
| Protocols | |||||
| OAuth 2.0 + PKCE | ~ | ||||
| OpenID Connect 1.0 | ~ | ||||
| SAML 2.0 | |||||
| Device Authorization | |||||
| Step-Up Authentication | ~ | ~ | |||
| MFA & Passwordless | |||||
| TOTP (Authenticator) | |||||
| WebAuthn / FIDO2 | |||||
| Recovery Codes | |||||
| Brute Force Protection | |||||
| Identity | |||||
| Multi-Tenant Realms | |||||
| B2B Organizations | ~ | ~ | |||
| RBAC (Roles & Groups) | |||||
| LDAP / Active Directory | |||||
| Social & Enterprise IdP | |||||
| Custom Attributes | ~ | ||||
| Developer Experience | |||||
| Modern Admin Console | |||||
| REST API (100+ endpoints) | |||||
| Web SDKs (React/Vue/Angular) | ~ | ||||
| Mobile SDKs (iOS/Android) | ~ | ||||
| CLI Tool | |||||
| Webhooks | ~ | ||||
| Plugin / Extension System | ~ | ||||
| Operations | |||||
| Prometheus Metrics | |||||
| Health Check Endpoints | |||||
| Rate Limiting | ~ | ||||
| Audit Logging | |||||
| Realm Theming | ~ | ||||
| Language | TypeScript | Java | N/A (SaaS) | N/A (SaaS) | TypeScript |
| Memory | ~150 MB | ~1 GB+ | N/A | N/A | ~200 MB |
| Setup Time | 30 sec | 5 min | 2 min | 2 min | 5 min |
| SDK Count | 7+ | 2 | 10+ | 5+ | 4 |
| Cost | Free forever | Free | Freemium $$$ | Freemium $$ | Freemium |
Deploy in 30 seconds
From zero to production-ready identity server in three simple steps.
Pull & Run
Pull the official image from Docker Hub and start AuthMe with one command.
docker run -d -p 3000:3000 islamawad/authme

Configure Your Realm
Open the Admin Console and create your first realm, client, and users.

curl -X POST http://localhost:3000/admin/realms \
  -H "Authorization: Bearer <api-key>" \
  -H "Content-Type: application/json" \
  -d '{"name": "my-app", "displayName": "My App"}'

Integrate Your App
Install the SDK and connect your application to AuthMe in minutes.

npm install authme-sdk

http://localhost:3000

Powerful Admin Dashboard
Full-featured React 19 admin console for managing realms, users, clients, roles, groups, sessions, identity providers, and audit logs — all in real time.
Built in the open.
Owned by you.
No vendor lock-in. No surprise pricing. Fork it, extend it, self-host it. Your identity infrastructure, your rules.
Support AuthMe
Help keep this project alive and growing
How to Contribute
For Developers
Get started with the SDK, explore the API, and contribute to the project.
For Teams
Deploy to your infrastructure and manage identity across all your applications.