Melody Auth

Melody Auth is a user-friendly, robust solution for implementing and hosting your own OAuth and authentication system.

• Deploy to Cloudflare using Workers, D1, and KV in just minutes — minimizing infrastructure and DevOps overhead.
• Self-Host with Node.js, Redis, and PostgreSQL — giving you full control over your data and infrastructure.

Disclaimer All French translations provided in this project have been generated by AI. Please review them carefully for accuracy before use.

What's included?

• OAuth & Authentication Server [Setup] [Config]
• Server-to-Server REST API for backend integrations [Setup] [Swagger]
• Admin Panel for managing resources (also serves as a full-stack implementation example) [Setup]
• React/Angular/Vue/Web SDK to seamlessly integrate PKCE-based authentication into your frontend application.
  • react-sdk [Package] [Doc]
  • angular-sdk [Package] [Doc]
  • vue-sdk [Package] [Doc]
  • web-sdk [Package] [Doc]
• Embedded Auth API for embedding authentication flows directly within your application. [Setup] [Swagger]

Auth Server Features Supported

• OAuth 2.0:
  • Authorize
  • Token Exchange
  • Refresh Token Revoke
  • App Consent
  • App Scopes
  • User Info Retrieval
  • OpenID Configuration
• Authorization:
  • Sign-In
  • Passwordless Sign-In
  • Sign-Up
  • Sign-Out
  • Email Verification
  • Password Reset
  • Role-Based Access Control
  • User Attribute
  • Account Linking
  • Localization
• External Identity Providers:
  • Social Sign-In
    • Google Sign-In
    • Facebook Sign-In
    • GitHub Sign-In
    • Discord Sign-In
    • Apple Sign-In
  • OIDC Auth Provider Sign-In
  • SAML SSO Sign-In (Node.js environment only)
• Multi-Factor Authentication
  • Email MFA
  • OTP MFA
  • SMS MFA
  • MFA Self Enrollment
  • Passkey Enrollment
  • Recovery Code
  • Remember Device for 30 days
• Policy
  • sign_in_or_sign_up
  • update_info
  • change_password
  • change_email
  • reset_mfa
  • manage_passkey
  • manage_recovery_code
  • saml_sso_[idp_name]
  • oidc_sso_[provider_name]
• Organization:
  • Branding config override
  • Organization users
  • Organization groups
• Mailer Option
  • SendGrid
  • Mailgun
  • Brevo
  • Resend
  • Postmark
  • SMTP (Node.js environment only)
• SMS Option
  • Twilio
• JWT Authentication
  • RSA256 based JWT Authentication
  • JWT Secret Rotate
• Brute-force Protection:
  • Log in attempts
  • Password reset attempts
  • OTP MFA attempts
  • SMS MFA attempts
  • Email MFA attempts
  • Change Email attempts
• Logging:
  • Logger Level
  • Email Logs
  • SMS Logs
  • Sign-in Logs

Admin Panel & S2S REST API Features Supported

• View Configurations
• Manage Users
  • Impersonation
• Manage User Attributes
• Manage Apps
  • App Level MFA Config
  • App Banner Config
• Manage Scopes
• Manage Roles
• Manage Organizations
• Manage SAML SSO IDPs
• Manage Logs
• Admin Panel Access Control

Demo & Examples

• Demo Site
• Vite React Example
• Angular Example
• Vite Vue Example
• Next.js Full stack implementation Example
• Next.js Auth.js Example
• React Native Example
• Vanilla JavaScript Example
• Embedded Auth API Example

Screenshots

Authorization Screenshots
Admin Panel Screenshots

License

This project is licensed under the MIT License. See the LICENSE file for details.