Welcome to Your Personal Auth Hub

Host one login service and reuse it across every side project. This app bundles TOTP and WebAuthn so you can protect dashboards, admin tools, and playground ideas without rewriting auth each time.

TOTP Auth

Works with Google Authenticator, Authy, 1Password, and more.

Generate Secret →

WebAuthn Auth

Use Touch ID, Face ID, Windows Hello, or hardware keys.

Register Credential →

ECDH Key Exchange

Secure OAuth token encryption using Elliptic Curve Diffie-Hellman.

Generate Key Pair →

Quick Start Checklist

  1. Configure env vars (username, password, JWT secret, 2FA method)
  2. Create a TOTP secret or WebAuthn credential
  3. Generate ECDH key pair if using encrypted OAuth flow (optional)
  4. Add allowed redirect URLs (your projects)
  5. Redirect projects to this login and verify the token

Why it helps

One Auth for Everything

Central place for all personal apps, SSO-style but self-hosted.

JWT Tokens

Signed tokens with customizable TTL, easy to verify in any backend.

Redirect Whitelist

Protects against open redirects; wildcard domains supported.

State / CSRF Guard

Optional state param keeps the login flow safe.

Security Notes

  • Keep JWT_SECRET private and rotate when needed
  • Use strong admin credentials in prod
  • Only whitelist redirects you trust
  • Prefer HTTPS everywhere (localhost is fine for dev)