Production-Ready • 72% Maturity • 19 Security Features

Enterprise Authentication Platform

Self-hosted, production-grade authentication system rivaling Auth0 and Firebase. Complete control, zero vendor lock-in, unlimited customization.

19 Security Features | 72% Production Ready | 9/10 Security Score | $0 Per User Cost

Project Maturity Assessment

Overall Production Readiness: 72% | Average Maturity: 6.7/10

Maturity by Category

Category Breakdown

Security 9/10
Documentation 9/10
Architecture 8/10
Developer Experience 8/10
Scalability 6.5/10
Performance 6/10
Monitoring 4/10
Testing 3/10

Why Choose Authn?

Enterprise-grade security without vendor lock-in. Complete control over your authentication infrastructure at zero recurring costs.

vs. Auth0

  • Complete code ownership
  • Zero per-user costs
  • Full infrastructure control
  • Unlimited customization

Auth0 Cost: $0.023/user/month

vs. Firebase Auth

  • Granular control over logic
  • Custom MongoDB schemas
  • Multi-cloud deployment
  • No Google dependency

Vendor Lock-in: High Risk

vs. AWS Cognito

  • Simpler configuration
  • Transparent security model
  • Local development
  • Superior documentation

Setup Time: 2 hours+

Core Principles

Security First

Industry best practices with 19 integrated security features

Production Ready

Battle-tested architecture for real-world applications

Developer Friendly

Clean REST API with comprehensive documentation

Feature Rich

JWT, 2FA, OAuth, device management, and more

Analytics Built-in

Track sessions, devices, and user activity

Highly Configurable

30+ environment variables for customization

Feature Matrix

Comprehensive authentication features for modern applications

Authentication Methods

Feature          | Status         | Description
Email/Password   | ✅ Production  | bcryptjs with 12 salt rounds, strength validation
Google OAuth 2.0 | ✅ Production  | Firebase Admin SDK integration
Two-Factor (2FA) | ✅ Production  | TOTP with backup codes
Magic Links      | 🔄 Q2 2025     | Email-based passwordless login
WebAuthn/FIDO2   | 📋 Q4 2025     | Biometric authentication
SAML 2.0         | 📋 Q4 2025     | Enterprise SSO support

Security Features

Progressive Rate Limiting

  • Auth endpoints: 5 attempts per 15 minutes
  • General API: 1,000 requests per 15 minutes
  • Dual-tier IP and user-based throttling

Account Lockout Mechanism

  • 30-minute lockout after 10 failed login attempts
  • 15-minute lockout after 5 failed 2FA attempts
  • Progressive delay implementation
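The lockout thresholds listed above, worked through as an added example (this is not the project's own code): a tracker keyed by user id or client IP that counts failures, applies a progressive delay, and locks the key at the threshold. The delay curve, the in-memory Map store and the method names are assumptions of this example.

```javascript
// Account lockout with progressive delay, following the thresholds listed above:
// 10 failed logins -> 30-minute lockout, 5 failed 2FA codes -> 15-minute lockout.
// The delay curve, the in-memory Map and the API names are assumptions of this example.
const LOGIN_POLICY = { maxAttempts: 10, lockoutMs: 30 * 60 * 1000 };
const TOTP_POLICY = { maxAttempts: 5, lockoutMs: 15 * 60 * 1000 };

class LockoutTracker {
  constructor(policy) {
    this.policy = policy;
    this.state = new Map(); // key (user id or client IP) -> { failures, lockedUntil }
  }

  // Progressive delay before the next attempt is accepted: none for the first
  // failure, then 500 ms doubling per failure, capped at 8 s (assumed curve).
  delayFor(failures) {
    if (failures < 2) return 0;
    return Math.min(500 * 2 ** (failures - 2), 8000);
  }

  // Read-only view: is the key locked, and how long must the caller wait?
  check(key, now = Date.now()) {
    const s = this.state.get(key);
    if (!s) return { locked: false, retryAfterMs: 0 };
    if (s.lockedUntil > now) return { locked: true, retryAfterMs: s.lockedUntil - now };
    if (s.lockedUntil > 0) return { locked: false, retryAfterMs: 0 }; // lockout has expired
    return { locked: false, retryAfterMs: this.delayFor(s.failures) };
  }

  // Record one failed attempt; lock the key once the policy threshold is reached.
  recordFailure(key, now = Date.now()) {
    let s = this.state.get(key) || { failures: 0, lockedUntil: 0 };
    if (s.lockedUntil > now) return this.check(key, now); // still locked: do not count
    if (s.lockedUntil > 0) s = { failures: 0, lockedUntil: 0 }; // expired lockout: start over
    s.failures += 1;
    if (s.failures >= this.policy.maxAttempts) s.lockedUntil = now + this.policy.lockoutMs;
    this.state.set(key, s);
    return this.check(key, now);
  }

  // A successful login or 2FA verification clears the counter.
  reset(key) {
    this.state.delete(key);
  }
}
```

Keying on both the user id and the client IP (the dual-tier throttling listed above) means two trackers per policy; the in-memory Map would need to move to a shared store before running more than one process.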

Device Fingerprinting

  • User agent and IP tracking
  • Unique device identifier generation
  • Trusted device verification workflow
  • New device email notifications

Session Management

  • JWT-based stateless authentication
  • Maximum 5 concurrent sessions per user
  • Activity monitoring and tracking
  • Automatic session termination on security events

User Management

Profile Capabilities

  • Full name, username, email, phone
  • Avatar upload with Sharp processing
  • Bio, website, location tracking
  • GDPR-compliant data export

Account Operations

  • Email verification with OTP
  • Secure password reset
  • Account deletion with backups
  • Account restoration

Role-Based Access

  • Predefined roles (user, moderator, admin)
  • Granular permission system
  • Permission inheritance
  • Custom permission creation

Technical Architecture

Built with modern technologies and best practices

System Architecture

┌─────────────────────────────────────────────────────────┐
│            Client Applications Layer                    │
│        (Web, Mobile, Third-party Applications)          │
└───────────────────────┬─────────────────────────────────┘
                        │ HTTPS/REST API
                        │ JWT Authentication
┌───────────────────────▼─────────────────────────────────┐
│          Express.js Application Server                  │
│ ┌────────────────────────────────────────────────────┐  │
│ │         Security Middleware Layer                  │  │
│ │   • CORS • Helmet • Rate Limiting • Auth           │  │
│ └────────────────────────────────────────────────────┘  │
│ ┌────────────────────────────────────────────────────┐  │
│ │           API Route Handlers                       │  │
│ │    /auth  /users  /permissions  /sessions          │  │
│ └────────────────────────────────────────────────────┘  │
│ ┌────────────────────────────────────────────────────┐  │
│ │         Business Logic Services                    │  │
│ │   • Email • Firebase • Storage • Backup            │  │
│ └────────────────────────────────────────────────────┘  │
└───────────┬─────────────┬─────────────┬─────────────────┘
            │             │             │
    ┌───────▼──────┐ ┌───▼────────┐ ┌─▼─────────────┐
    │   MongoDB    │ │  Firebase  │ │  AWS S3/IPFS  │
    │   Database   │ │  Auth SDK  │ │    Storage    │
    └──────────────┘ └────────────┘ └───────────────┘

Technology Stack

Backend

Node.js 16+, Express.js, MongoDB 4.4+, Mongoose

Security

JWT, bcryptjs, Helmet, CORS

Services

Firebase Admin, Nodemailer, AWS S3, Sharp

Utilities

node-cron, express-rate-limit, dotenv

Database Schema

User Model (30+ fields)

{
  // Authentication
  username: String (unique, indexed)
  email: String (unique, indexed)
  password: String (bcrypt hashed)

  // Profile
  firstName, lastName, dateOfBirth
  profilePicture: String (S3 URL)

  // Security
  twoFactorAuth: {...}
  trustedDevices: [...]
  sessions: [...]

  // Metadata
  lastLogin, loginCount, totalSessions
}

Quick Start Guide

Get up and running in 10 minutes

Prerequisites

Node.js ≥16.0.0 LTS
MongoDB ≥4.4
npm ≥8.0.0
SMTP Server (Gmail, SendGrid, etc.)
1. Clone the repository

git clone https://github.com/hanan-bhatti/authn.git
cd authn
2. Install dependencies

npm install   # or: yarn install
3. Configure environment

cp .env.example .env

Edit .env with your configuration:

# Server
PORT=5000
NODE_ENV=development
BASE_URL=http://localhost:5000

# Database
MONGO_URL=mongodb://localhost:27017/authn

# JWT Secret (IMPORTANT)
JWT_SECRET=your-super-secret-minimum-32-characters

# Email Service
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=your-email@gmail.com
SMTP_PASS=your-app-password
4. Start the server

# Development mode with hot reload
npm run dev

# Production mode
npm start
5. Verify installation

API Documentation

RESTful API endpoints for seamless integration

Base URL

Production: https://api.yourdomain.com/api
Development: http://localhost:5000/api

Authentication Endpoints

POST /auth/register
POST /auth/login
POST /auth/verify-email

User Management Endpoints

GET /users/profile

Get current user profile

PUT /users/profile

Update user profile

POST /users/avatar

Upload profile picture

POST /users/change-password

Change user password

GET /users/devices

Get trusted devices

GET /users/sessions

Get active sessions

Rate Limiting

Authentication Endpoints

5 requests per 15 minutes

General API Endpoints

1,000 requests per 15 minutes

Deployment Options

Multiple deployment strategies for any infrastructure

Docker

Containerized deployment with Docker Compose for easy scaling and management

docker-compose up -d

PM2

Process manager for Node.js with cluster mode and auto-restart capabilities

pm2 start ecosystem.config.js

AWS EC2

Traditional VPS deployment with full control over infrastructure and configuration

ssh ubuntu@your-ec2-ip

Kubernetes

Container orchestration for high-availability and automatic scaling in production

kubectl apply -f deployment.yaml

Heroku

Platform-as-a-Service for quick deployment without infrastructure management

git push heroku main

DigitalOcean

Simple cloud hosting with App Platform or traditional droplet deployment

doctl apps create

Nginx Reverse Proxy

Production-ready Nginx configuration with SSL, rate limiting, and security headers

upstream authn_backend {
    server localhost:5000;
}

server {
    listen 443 ssl http2;
    server_name api.yourdomain.com;

    ssl_certificate     /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;

    location / {
        proxy_pass http://authn_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Security Deep Dive

Industry-leading security with 19 integrated features

Implemented

  • Password hashing with bcryptjs (12 salt rounds)
  • JWT with short expiration and secure cookies
  • Rate limiting on sensitive endpoints
  • Account lockout mechanism
  • Device fingerprinting and tracking
  • Session tracking and management
  • CORS configuration
  • Helmet security headers
  • Input validation and sanitization

Recommended Enhancements

  • Refresh token implementation
  • Redis-based session store
  • Secrets management (AWS Secrets Manager)
  • Security penetration testing
  • OWASP Top 10 compliance audit

Password Security Requirements

Requirements

  • Minimum 8 characters
  • At least one uppercase letter (A-Z)
  • At least one lowercase letter (a-z)
  • At least one number (0-9)
  • At least one special character (@$!%*?&)

Implementation

const bcrypt = require('bcryptjs');

const saltRounds = 12; // cost factor: 2^12 key-expansion rounds
const hashedPassword = await bcrypt.hash(password, saltRounds);
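The password requirements listed above, implemented as an added example (the project's own validator is not shown on this page, so the rule names and the comparison regex are assumptions). It returns which rules a candidate fails, and contrasts that with the single lookahead regex commonly used for the same policy, which additionally rejects any character outside the listed special set.

```javascript
// Password policy checks for the requirements listed above. Added for this page; the
// project's own validator is not shown, so rule names and the regex are assumptions.
const PASSWORD_RULES = [
  { name: 'min-length', test: p => p.length >= 8 },
  { name: 'uppercase', test: p => /[A-Z]/.test(p) },
  { name: 'lowercase', test: p => /[a-z]/.test(p) },
  { name: 'digit', test: p => /[0-9]/.test(p) },
  { name: 'special', test: p => /[@$!%*?&]/.test(p) }, // only these seven characters count
];

// Returns the names of the unmet rules; an empty array means the password is acceptable.
// Run this before bcrypt.hash(), so that weak passwords never reach the hashing step.
function passwordViolations(password) {
  return PASSWORD_RULES.filter(r => !r.test(password)).map(r => r.name);
}

// A single lookahead regex often used for the same policy (constructed here, not taken
// from the project). Its trailing character class also forbids every character outside
// the listed set, which the rule list above does not, so the two checks disagree on
// passwords that contain, for example, '#'.
const STRICT_POLICY_RE = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$/;

function matchesStrictRegex(password) {
  return STRICT_POLICY_RE.test(password);
}
```

Which behaviour is intended should be decided explicitly: the rule list accepts passphrases with spaces or unlisted symbols as long as one listed special character is present, while the strict regex silently rejects them.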

Get in Touch

Questions, feedback, or need enterprise support?

Professional Support

Need help with custom features, deployment, security audits, or training?

  • Custom feature development
  • Enterprise deployment assistance
  • Security audits and consulting
  • Training and workshops

Response Times

Security Issues: 24h
Bug Reports: 48h
Feature Requests: 1w
General Questions: 3-5d