Open Source TypeScript Authentication Software

Appwrite is a self-hosted and cloud backend-as-a-service platform that provides developers with all the core APIs required to build any application. Build your entire backend within minutes and scale effortlessly using Appwrite's open-source platform. Add Authentication, Databases, Functions, Storage, and Messaging to your projects using the frameworks and languages of your choice.

Better Auth is framework-agnostic authentication (and authorization) library for TypeScript. It provides a comprehensive set of features out of the box and includes a plugin ecosystem that simplifies adding advanced functionalities with minimal code in a short amount of time. Whether you need 2FA, multi-tenant support, or other complex features. It lets you focus on building your actual application instead of reinventing the wheel.

Auth.js is a set of open-source packages that are built on standard Web APIs for authentication in modern applications with any framework on any platform in any JS runtime.

This is Google's officially supported node.js client library for using OAuth 2.0 authorization and authentication with Google APIs. Use Application Default Credentials when you use a single identity for all users in your application. Especially useful for applications running on Google Cloud. Application Default Credentials also support workload identity federation to access Google Cloud resources from non-Google Cloud platforms. Use JWT when you are using a single identity for all users. Especially useful for server->server or server->API communication. Use workload identity federation to access Google Cloud resources from Amazon Web Services (AWS), Microsoft Azure or any identity provider that supports OpenID Connect (OIDC). Use workforce identity federation to access Google Cloud resources using an external identity provider (IdP) to authenticate and authorize a workforce—a group of users, such as employees, partners, and contractors.

Let Leapp manage your Cloud credentials locally. Improve your workflow with the only open-source desktop app and CLI you’ll ever need. Your all-in-one solution to assign IAM Cloud access across teams. Cloud credentials are available with a click. Data stored locally encrypted in your System Vault. Work with your Cloud Identities from a single place. Automatic temporary Cloud credentials generation and rotation. Pick your Cloud Provider to add a Leapp Session. Choose from supported access methods or leverage your federated identity with SAML 2.0 compliant identity providers. Automatically provision your sessions from AWS Single Sign-On via Leapp Integration. Start your Session, and Leapp will automatically generate secure short-lived credentials for you. All sensitive data are stored in your local System Vault and used only when needed to provide best-in-class security.

Satellizer is a simple to use, end-to-end, token-based authentication module for AngularJS with built-in support for Google, Facebook, LinkedIn, Twitter, Instagram, GitHub, Bitbucket, Yahoo, Twitch, Microsoft (Windows Live) OAuth providers, as well as Email and Password sign-in. However, you are not limited to the sign-in options above, in fact you can add any OAuth 1.0 or OAuth 2.0 provider by passing provider-specific information in the app config block. With any Cordova mobile apps or any framework that uses Cordova, such as Ionic Framework, you will need to add cordova-plugin-inappbrowser plugin. Make sure that inAppBrowser is listed in your project. Authorization (obtaining user's information with their permission) and authentication (application sign-in) requires sever-side implementation.

Enterprise-ready SaaS Starter Kit is a Next.js-based SaaS Starter Kit that can save hundreds of development hours while building enterprise-ready SaaS apps. Kickstart your enterprise app development with Next.js SaaS Starter Kit.

An open-source authentication and SSO (Single Sign-On) solution that simplifies enterprise authentication for SaaS applications.

The nativescript-fingerprint-auth plugin enables biometric authentication in NativeScript applications, allowing users to authenticate using fingerprint or facial recognition, enhancing security and user convenience.

OpenAuth is an authentication system aimed at modern serverless and edge runtimes, providing a cohesive way to add sign-in flows and session management to web apps. It supports common patterns such as OAuth with popular identity providers, email-based links or codes, and passkeys/passwordless options, while exposing a simple API that fits full-stack frameworks. The project is designed to be infrastructure-friendly, aligning with managed stores and serverless platforms so sessions, webhooks, and callbacks work reliably at scale. It emphasizes secure defaults, including robust token handling, CSRF protections, and clear session lifecycles, while leaving room for customization where apps need it. Developers can bring their own database or storage layer and wire it through adapters without rewriting core logic. The goal is to remove boilerplate around sign-up/sign-in, user profiles, and authorization checks so teams can ship features faster.

Tesseral is an open-source authentication and identity management platform tailored for B2B SaaS applications, offering enterprise-grade features like SAML SSO, SCIM provisioning, RBAC, API key management, and audit logging through a unified API-first service. Tesseral is a multi-tenant, API-first service designed to run on the cloud. It is not an authentication library tied to a particular language or framework; Tesseral works with any tech stack. Tesseral is open source auth infrastructure for business software (i.e., B2B SaaS). Tesseral is built for B2B SaaS. Your customer's admins control how their users log in to their tenant, and can add or remove users at will.