
    Every login path. One SDK.

    Passwordless, password, and social auth -- all flowing through a single policy engine. Ship the login experience your users expect without fragmenting your identity model.

    Free up to 2,000 MAU

    Auth flow state machine

    User arrives (signup or login)

    Magic link / OTP -> Verify ownership (click link or enter code) -> Session created

    Password -> Validate credentials (hash check + brute-force guard) -> Session created

    Social OAuth -> Provider redirect (Google, GitHub, Microsoft...) -> Session created

    Unified session + token: same format, same policy, every method

    Three auth lanes

    Pick the method. We handle the plumbing.

    Passwordless

    Magic link & OTP

    Drop signup friction to nearly zero. Users get a one-time link or code, verify ownership, and land in a session -- no password creation step.

    await authaz.auth.start({
      method: "magic_link",
      email: "user@company.com",
      redirectTo: "/auth/callback",
    });
    
    // Or with a 6-digit OTP
    await authaz.auth.start({
      method: "email_otp",
      email: "user@company.com",
    });

    Password

    Credential-based login

    For enterprise personas and admin surfaces where predictable ownership semantics matter. Full lifecycle: signup, login, reset, and rotation.

    await authaz.auth.start({
      method: "password",
      email: "admin@acme.com",
      password: credentials.password,
    });
    
    // Password reset flow
    await authaz.auth.resetPassword({
      email: "admin@acme.com",
      redirectTo: "/auth/reset-callback",
    });

    Social

    OAuth providers

    Let users log in with Google, GitHub, Microsoft, or any OIDC-compliant provider. Fast entry for self-serve products while still enforcing your identity policy.

    await authaz.auth.start({
      method: "social",
      provider: "google",
      redirectTo: "/auth/callback",
    });
    
    // GitHub, Microsoft, Apple, or any
    // OIDC-compliant provider works the same way

    Why it matters

    One policy across every login method

    Adding a new auth method usually means a new code path, a new edge case, and a new gap in your security surface. Authaz runs every method through the same policy engine so you can expand options without expanding risk.

    One identity, every method

    Whether a user signs up with a magic link and later adds a password, or starts with Google and switches to email OTP -- the account stays unified. No duplicated profiles.

    Tenant-aware method selection

    Offer passwordless for your self-serve tier and restrict to SSO + password for enterprise tenants. The SDK resolves the right method by organization policy.

    Shared session model

    All auth methods produce the same token format and session lifecycle. Downstream services never need to know which method was used.

    One policy surface for compliance

    Rate limits, brute-force protection, and audit trails apply uniformly. Adding a new login method does not create a new security blind spot.
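The uniform-policy idea from this section, as an added example that is not Authaz SDK code: a hypothetical `PolicyGate` that every login lane calls, checking the tenant's allowed methods first and counting failed attempts per tenant and identity rather than per method. All names, tenants and limits here are assumptions constructed for illustration.

```javascript
// Added example: a hypothetical policy gate, not Authaz SDK code.
// Tenant names, method lists and limits are constructed samples.
const POLICIES = new Map([
  ["self-serve", { methods: ["magic_link", "email_otp", "social", "password"], maxFailures: 5, windowMs: 900000 }],
  ["acme-enterprise", { methods: ["sso", "password"], maxFailures: 3, windowMs: 900000 }],
]);

class PolicyGate {
  constructor(policies, now = () => Date.now()) {
    this.policies = policies;
    this.now = now;
    this.failures = new Map(); // key: tenant + identity, never the method
    this.audit = [];           // one record per decision and per outcome
  }

  key(tenant, identity) {
    return JSON.stringify([tenant, identity.trim().toLowerCase()]);
  }

  // Failure timestamps still inside the tenant's sliding window.
  recentFailures(tenant, identity, policy) {
    const cutoff = this.now() - policy.windowMs;
    const recent = (this.failures.get(this.key(tenant, identity)) || []).filter((t) => t > cutoff);
    this.failures.set(this.key(tenant, identity), recent);
    return recent;
  }

  // Called by every lane before it verifies a link, code, password or provider response.
  check(tenant, identity, method) {
    const policy = this.policies.get(tenant);
    let decision = "allow";
    if (!policy) decision = "deny:unknown_tenant";
    else if (!policy.methods.includes(method)) decision = "deny:method_not_allowed";
    else if (this.recentFailures(tenant, identity, policy).length >= policy.maxFailures) decision = "deny:locked";
    this.audit.push({ at: this.now(), event: "check", tenant, identity, method, decision });
    return decision;
  }

  // Called by every lane after verification; failures from all methods share one budget.
  record(tenant, identity, method, success) {
    const policy = this.policies.get(tenant);
    if (!policy) return;
    const recent = success ? [] : [...this.recentFailures(tenant, identity, policy), this.now()];
    this.failures.set(this.key(tenant, identity), recent);
    this.audit.push({ at: this.now(), event: success ? "success" : "failure", tenant, identity, method });
  }
}
```

Because the counter ignores the method, a client that exhausts its password attempts does not get a fresh budget by switching to OTP or social login.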

    Auth flows that convert

    Ship passwordless, password, and social login under one SDK. Free up to 2,000 MAU -- no credit card required.
