Melody Auth is a user-friendly, robust solution for implementing and hosting your own OAuth and authentication system.
- Deploy to Cloudflare using Workers, D1, and KV in just minutes — minimizing infrastructure and DevOps overhead.
- Self-Host with Node.js, Redis, and PostgreSQL — giving you full control over your data and infrastructure.
- Complete OAuth & Authentication Server
- Server-to-Server REST API for backend integrations
- React SDK to seamlessly integrate authentication into your frontend
- Admin Panel for managing resources (also serves as a full-stack implementation example)
- OAuth 2.0:
- Authorize
- Token Exchange
- Refresh Token Revoke
- App Consent
- App Scopes
- User Info Retrieval
- OpenID Configuration
- Authorization:
- Sign-In
- Sign-Up
- Sign-Out
- Email Verification
- Password Reset
- Role-Based Access Control
- Account Linking
- Localization How to support a new locale
- Social Sign-In:
- Google Sign-In
- Facebook Sign-In
- GitHub Sign-In
- Organization:
- Branding config override
- Multi-Factor Authentication How to setup MFA
- Email MFA
- OTP MFA
- SMS MFA
- MFA Enrollment
- Passkey Enrollment
- Policy How to trigger a different policy
- sign_in_or_sign_up
- update_info
- change_password
- change_email
- reset_mfa
- manage_passkey
- Mailer Option Email Provider Setup Doc
- SendGrid
- Mailgun
- Brevo
- STMP (Node.js environment only)
- SMS Option SMS Provider Setup Doc
- Twilio
- JWT Authentication
- RSA256 based JWT Authentication How to verify a SPA access token
- JWT Secret Rotate How to rotate JWT secret
- Brute-force Protection:
- Log in attempts
- Password reset attempts
- OTP MFA attempts
- SMS MFA attempts
- Email MFA attempts
- Change Email attempts
- Logging:
- Email Logs
- SMS Logs
- Sign-in Logs
- View Configurations
- Manage Users
- Manage Apps
- Manage Scopes
- Manage Roles
- Manage Organizations
- View Logs
Authorization Screenshots
Admin Panel Screenshots
This project is licensed under the MIT License. See the LICENSE file for details.