A complete auth surface for your app.
Hosted pages, public APIs, dashboard controls, service keys, and analytics behind one deployable FastAPI service.
POST /api/v1/auth/token
Authorization: public PKCE exchange
returns access_token, refresh_token, userGive your coding agent the integration brief.
Integrate Passport Auth into my app. Ask me for the self-hosted Passport Auth URL first. Use hosted auth pages with PKCE unless I ask for custom screens. Read the implementation guide at passport.alactic.net/llm, then add sign in, register, callback token exchange, refresh rotation, logout, and /me current-user handling.Login, register, verify, reset, magic link, OTP, and Google callback pages.
Password, OTP, magic link, Google OAuth, token exchange, refresh, logout, and /me.
Users, sessions, settings, domains, email templates, admins, and analytics.
Scoped backend access for user create, fetch, update, deactivate, and metadata.
One exposed container. Internal data services.
FastAPI serves the public API, hosted auth pages, and the admin dashboard. Postgres stores users and settings, Redis handles short-lived auth state, and ClickHouse stores public auth events for product analytics.
- Postgres
- Redis
- ClickHouse
- Resend
Everything V1 needs, without pretending to be a platform suite.
Safe redirects
Every auth flow validates configured redirect URLs before issuing authorization codes.
PKCE first
Hosted pages return authorization codes. Tokens never sit directly in redirect URLs.
Encrypted provider secrets
Google and Resend secrets are stored encrypted. Passwords and one-time tokens are hashed.
Rotating refresh tokens
Refresh rotation supports logout, revocation, and replay-resistant session behavior.
Custom user metadata
Store plan, subscription, feature, and application-specific fields on each user.
Public auth analytics
Track signups, logins, methods, funnels, active users, retention, refreshes, and errors.