Melody Auth
Melody Auth is a user-friendly, robust solution for implementing and hosting your own OAuth and authentication system.
- Deploy to Cloudflare using Workers, D1, and KV in just minutes — minimizing infrastructure and DevOps overhead.
- Self-Host with Node.js, Redis, and PostgreSQL — giving you full control over your data and infrastructure.
Disclaimer All French translations provided in this project have been generated by AI. Please review them carefully for accuracy before use.
What's included?
- Complete OAuth & Authentication Server
- Server-to-Server REST API for backend integrations
- Admin Panel for managing resources (also serves as a full-stack implementation example)
- React/Angular/Vue SDK to seamlessly integrate PKCE-based authentication into your frontend application.
- Embedded Auth API for embedding authentication flows directly within your application.
Auth Server Features Supported
- OAuth 2.0:
- Authorize
- Token Exchange
- Refresh Token Revoke
- App Consent
- App Scopes
- User Info Retrieval
- OpenID Configuration
- Authorization:
- Sign-In
- Passwordless Sign-In
- Sign-Up
- Sign-Out
- Email Verification
- Password Reset
- Role-Based Access Control
- User Attribute
- Account Linking
- Localization How to support a new locale
- Social Sign-In:
- Google Sign-In
- Facebook Sign-In
- GitHub Sign-In
- Discord Sign-In
- Apple Sign-In
- OIDC Auth Provider Sign-In
- Multi-Factor Authentication How to setup MFA
- Email MFA
- OTP MFA
- SMS MFA
- MFA Self Enrollment
- Passkey Enrollment
- Policy How to trigger a different policy
- sign_in_or_sign_up
- update_info
- change_password
- change_email
- reset_mfa
- manage_passkey
- Organization:
- Branding config override
- Organization users
- Mailer Option Email Provider Setup Doc
- SendGrid
- Mailgun
- Brevo
- Resend
- Postmark
- SMTP (Node.js environment only)
- SMS Option SMS Provider Setup Doc
- Twilio
- JWT Authentication
- RSA256 based JWT Authentication How to verify a SPA access token
- JWT Secret Rotate How to rotate JWT secret
- Brute-force Protection:
- Log in attempts
- Password reset attempts
- OTP MFA attempts
- SMS MFA attempts
- Email MFA attempts
- Change Email attempts
- Logging:
- Logger Level
- Email Logs
- SMS Logs
- Sign-in Logs
Admin Panel & S2S REST API Features Supported
- View Configurations
- Manage Users
- Manage User Attributes
- Manage Apps
- App Level MFA Config
- Manage Scopes
- Manage Roles
- Manage Organizations
- Manage Logs
- Admin Panel Access Control Custom Role Access for the Admin Panel
Demo & Examples
- Vite React Example
- Angular Example
- Vite Vue Example
- Next.js Full stack implementation Example
- Next.js Auth.js Example
- React Native Example
- Vanilla JavaScript Example
- Embedded Auth API Example
Screenshots
Authorization Screenshots
Admin Panel Screenshots
License
This project is licensed under the MIT License. See the LICENSE file for details.