Melody Auth

Melody Auth is a user-friendly, robust solution for implementing and hosting your own OAuth and authentication system.

• Deploy to Cloudflare using Workers, D1, and KV in just minutes — minimizing infrastructure and DevOps overhead.
• Self-Host with Node.js, Redis, and PostgreSQL — giving you full control over your data and infrastructure.

Disclaimer All French translations provided in this project have been generated by AI. Please review them carefully for accuracy before use.

• Complete OAuth & Authentication Server
  • Auth Server Setup Doc
  • Auth Server Configuration Doc
• Server-to-Server REST API for backend integrations
  • Swagger API Doc
  • S2S API Doc
• Admin Panel for managing resources (also serves as a full-stack implementation example)
  • Admin Panel Setup Doc
• React/Angular/Vue SDK to seamlessly integrate PKCE-based authentication into your frontend application.
  • React NPM Package
  • React SDK Doc
  • Angular NPM Package
  • Angular SDK Doc
  • Vue NPM Package
  • Vue SDK Doc
• Embedded Auth API for embedding authentication flows directly within your application.
  • Embedded Auth API Doc
  • Embedded Auth API Swagger

• OAuth 2.0:
  • Authorize
  • Token Exchange
  • Refresh Token Revoke
  • App Consent
  • App Scopes
  • User Info Retrieval
  • OpenID Configuration
• Authorization:
  • Sign-In
  • Passwordless Sign-In
  • Sign-Up
  • Sign-Out
  • Email Verification
  • Password Reset
  • Role-Based Access Control
  • User Attribute
  • Account Linking
  • Localization How to support a new locale
• Social Sign-In:
  • Google Sign-In
  • Facebook Sign-In
  • GitHub Sign-In
  • Discord Sign-In
  • Apple Sign-In
  • OIDC Auth Provider Sign-In
  • SAML SSO Sign-In (Node.js environment only) SAML SSO Setup Doc
• Multi-Factor Authentication How to setup MFA
  • Email MFA
  • OTP MFA
  • SMS MFA
  • MFA Self Enrollment
  • Passkey Enrollment
• Policy How to trigger a different policy
  • sign_in_or_sign_up
  • update_info
  • change_password
  • change_email
  • reset_mfa
  • manage_passkey
  • saml_sso_[idp_name]
  • oidc_sso_[provider_name]
• Organization:
  • Branding config override
  • Organization users
  • Organization groups
• Mailer Option Email Provider Setup Doc
  • SendGrid
  • Mailgun
  • Brevo
  • Resend
  • Postmark
  • SMTP (Node.js environment only)
• SMS Option SMS Provider Setup Doc
  • Twilio
• JWT Authentication
  • RSA256 based JWT Authentication How to verify a SPA access token
  • JWT Secret Rotate How to rotate JWT secret
• Brute-force Protection:
  • Log in attempts
  • Password reset attempts
  • OTP MFA attempts
  • SMS MFA attempts
  • Email MFA attempts
  • Change Email attempts
• Logging:
  • Logger Level
  • Email Logs
  • SMS Logs
  • Sign-in Logs

• View Configurations
• Manage Users
  • Impersonation How to allow users with a custom role to perform impersonation
• Manage User Attributes
• Manage Apps
  • App Level MFA Config
• Manage Scopes
• Manage Roles
• Manage Organizations
• Manage SAML SSO IDPs
• Manage Logs
• Admin Panel Access Control Custom Role Access for the Admin Panel

• Vite React Example
  • Demo Site: Password Sign-in/Sign-up with OTP MFA and Passkey enrollment
• Angular Example
• Vite Vue Example
• Next.js Full stack implementation Example
• Next.js Auth.js Example
• React Native Example
• Vanilla JavaScript Example
• Embedded Auth API Example

Authorization Screenshots
Admin Panel Screenshots

This project is licensed under the MIT License. See the LICENSE file for details.