One auth system. Backend + frontend ecosystem.
Official backend libraries for Node, Python, Dart, and Rust โ plus official frontend libraries for Angular and Flutter, and native browser compatibility for any web framework/library via auth.js and the served UI (headless or headful mode).
Backend libraries
The core Node.js backend library. Drop-in auth router for Express, NestJS, Next.js, and Angular SSR.
npm install awesome-node-authFull Python/FastAPI equivalent โ every feature of the Node.js library, native to the Python ecosystem.
pip install awesome-python-authOfficial Dart backend library aligned with the same auth model and features. Add this entry under dependencies in pubspec.yaml.
dependencies: awesome_dart_auth: { git: 'https://github.com/nik2208/awesome-dart-auth.git' }Official Rust backend library for the same authentication architecture. Use the Git dependency in Cargo.toml.
awesome-rust-auth = { git = "https://github.com/nik2208/awesome-rust-auth" }Frontend libraries and browser client
Official Angular frontend library with guards, interceptors, signals, and SSR-safe setup.
npm install ng-awesome-node-authOfficial Flutter/Dart client. Automatic cookie+CSRF on web/WASM, Bearer on native. Zero boilerplate.
awesome_node_auth_flutter: ^1.9.4Natively compatible with any web framework/library in the browser. Use auth.js in headful mode (built-in UI pages) or headless mode. Replace {API_ORIGIN} with your auth backend origin (e.g. https://api.example.com).
<script src="{API_ORIGIN}/auth/ui/auth.js"></script>Why awesome-node-auth?
awesome-node-auth started as the simple answer to the management complexity and enterprise subscriptions often required for best-practice authentication โ and has since grown into a full multi-language ecosystem.
The same auth model, feature set, and client library compatibility now spans Node.js (core), Python/FastAPI, Dart/Shelf, and Rust backends โ all compatible with Angular and Flutter clients out of the box, plus natively ready for any browser framework/library through auth.js and the built-in served UI.
Solutions like Supertokens are extremely complex, paid if managed, and limited or hard to maintain if self-hosted. Supabase is heavy, packed with features you're forced to carry along even if you don't need them, and similarly limited when self-hosted.
awesome-node-auth gives you the same enterprise-grade features without the architectural bloat or vendor lock-in of cloud platforms โ and in your language of choice.
| Feature | awesome-node-auth | Others |
|---|---|---|
| Database support | Any DB via interface | Specific DBs only |
| Auth strategies | 5+ built-in recipes | Varies |
| Self-hosted | โ Always | Paid tier or limited |
| JWT tokens | โ Access + refresh pair | Often session-only |
| Official backend libraries | Node ยท Python ยท Dart ยท Rust | โ or third-party only |
| Official frontend libraries | Angular ยท Flutter ยท auth.js + served UI (any framework, headless/headful) | โ or third-party only |
| AI-assisted setup | โ MCP server included | โ |
| License | MIT | Mixed |
Choose your recipe
Pick the authentication strategy that fits your app. Mix and match multiple recipes.
Email / Password
Classic email and password authentication with bcrypt hashing and password reset flow.
View docs โOAuth / Social
Sign in with Google, GitHub, or any custom OAuth 2.0 provider using GenericOAuthStrategy.
View docs โMagic Link
Passwordless login via email. First magic-link login counts as email verification.
View docs โSMS OTP
One-time password codes delivered via SMS for phone verification or 2FA.
View docs โTOTP 2FA
Time-based one-time passwords compatible with Google Authenticator and Authy.
View docs โMulti-Tenancy
Isolate users and data across multiple tenants with tenant-aware RBAC.
View docs โAdmin Panel
Self-contained admin dashboard: user management, sessions, roles, tenants, and policy controls.
View docs โAccount Linking
Link multiple OAuth providers to one account. Safe conflict resolution via IPendingLinkStore.
View docs โEvent Bus & Tracking
Publish and subscribe to auth events (login, signup, failureโฆ) with AuthEventBus. Track telemetry with a single tools.track() call.
View docs โReal-time SSE
Push live notifications to connected browsers via Server-Sent Events. No WebSocket server needed.
View docs โWebhooks
Forward auth events to external services with HMAC-signed outgoing webhooks, or execute dynamic inbound scripts in a secure vm sandbox.
View docs โTelemetry
Persist every auth event to any database via ITelemetryStore and query the history through the tools router.
View docs โAI Setup (MCP)
Configure the entire library via natural language using the companion MCP server โ works with VS Code Copilot, Cursor, and Claude.
View docs โCloud Scalable
Stateless architecture by design. Use ISseDistributor and Redis to scale real-time SSE across any number of instances.
View docs โPython / FastAPI
Official Python backend library โ same auth flows, CSRF, IdP mode, RBAC, and multi-tenancy as the Node.js library.
View docs โDart / Shelf backend
Official Dart backend for Shelf and Dart Frog โ full feature parity with Node.js: cookies, CSRF, OAuth, magic link, RBAC, and IdP mode.
View docs โRust backend
Official Rust crate for Axum, Actix-web, and Warp โ same auth model, RBAC, tenancy, event bus, API keys, and IdP/JWKS support.
View docs โFlutter client
Official Flutter/Dart client โ automatic cookie+CSRF on web/WASM and Bearer on native. Zero token-management boilerplate.
View docs โ