Authentication

Authentication with noauth.sh uses modern technologies like WebAuthn and FIDO2 to provide a secure, passwordless user experience.

Sign In / Sign Up

User registration and authentication are both performed through the signin function.

import { NoAuth } from "@noauth/browser";

const noauth = new NoAuth({ apiKey: "your-api-key" });

const { verified, accessToken } = await noauth.signin("[email protected]");

if (verified) {
  // Use accessToken with your API calls
}

Token verification

The accessToken is a JWT that can be used to authenticate the user on your server.

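// On your server
import jwt from "jsonwebtoken";

// You can find the value of SECRET_KEY in the settings page.
// Keep it in server-side configuration only; the environment variable
// name used here is an assumption, not a noauth.sh convention.
const SECRET_KEY = process.env.NOAUTH_SECRET_KEY;

function authenticate(accessToken) {
  // jwt.verify throws if the signature is invalid or the token has expired
  const { email } = jwt.verify(accessToken, SECRET_KEY);

  // ...some other server validations and session management with user email
}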
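
The checks that the server-side verification step has to pass before the email can be trusted, written out with Node's built-in crypto. This is an added example, not code from noauth.sh or from jsonwebtoken; it assumes the token is HS256-signed with SECRET_KEY and carries an email claim plus an optional exp claim, and signSample and verifyAccessToken are hypothetical names.

```javascript
// Added example (not noauth.sh or jsonwebtoken code); assumes HS256 tokens.
const crypto = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const hmac = (data, key) => crypto.createHmac("sha256", key).update(data).digest();
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Helper that mints a constructed sample token so the example runs offline.
function signSample(payload, key, header = { alg: "HS256", typ: "JWT" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(hmac(input, key))}`;
}

// Returns the verified email, or throws an Error naming the failed check.
function verifyAccessToken(accessToken, secretKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(accessToken).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;

  let header, payload;
  try {
    header = decode(h);
    payload = decode(p);
  } catch {
    throw new Error("malformed token");
  }

  // Pin the algorithm on the server; never let the token header choose it.
  if (header?.alg !== "HS256") throw new Error("unexpected algorithm");

  // Recompute the MAC over header.payload and compare in constant time.
  const expected = hmac(`${h}.${p}`, secretKey);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }

  // Claims are only read after the signature check has passed.
  if (payload?.exp !== undefined && !(payload.exp > now)) throw new Error("token expired");
  if (typeof payload?.email !== "string") throw new Error("missing email claim");
  return payload.email;
}
```
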

Authentication Flow

sequenceDiagram
    autoNumber
    participant U as User
    participant N as noauth.sh
    participant S as Your server

    U->>N: Request authentication
    activate N
    N->>U: Challenge created
    deactivate N
    activate U
    U->>N: Challenge solved
    deactivate U
    activate N
    N->>U: Access Token (JWT)
    deactivate N
    activate U
    U->>S: Validate Access Token
    deactivate U