Add auth to your app in one line.

authreadr is a hosted authentication service that makes adding email/password auth, OAuth2/OIDC SSO, and API key management a one-line integration. No RFCs, no login-page builds, no identity plumbing.


Free tier available · No card required.

middleware.ts
// Next.js middleware — one import, one call
import { authreadr } from "@authreadr/next";

export default authreadr({
  clientId: process.env.AUTHREADR_CLIENT_ID!,
  clientSecret: process.env.AUTHREADR_CLIENT_SECRET!,
});

// That's it. Protected routes redirect to login,
// sessions are verified, cookies are httpOnly.

Why authreadr

Everything you need, nothing you don't

A full OAuth2/OIDC provider with email/password auth and API keys. The SDK handles the protocol so you don't have to.

OAuth2/OIDC provider

Full OIDC-certifiable provider with discovery, authorize, token, and userinfo endpoints. PKCE, refresh-token rotation, and RS256-signed ID tokens out of the box.

Email/password auth

argon2id password hashing, httpOnly JWT cookie sessions, and email verification. Signup creates an active account; passwords are never stored in plaintext.

Scoped API keys

Issue server-scoped keys for service-to-service auth and browser-safe public keys for SPAs. See the secret once, revoke instantly. Every key is argon2id-hashed at rest.

JS/TS SDKs

One-line integration for Next.js middleware and Express apps. The SDK handles the OAuth2 dance, PKCE, token refresh, and session management. You never touch /oauth/authorize directly.

Self-service dashboard

Register OAuth2 clients, manage redirect URIs and scopes, and monitor auth activity from a web dashboard. No support ticket needed to add a new client.

Observable by default

Every auth event (signup, login, token issue, failure) is emitted as structured logs to logreadr. Query and alert on auth activity in real time.

How it works

Register, integrate, authenticate

Three steps from zero to working auth. The SDK owns the OAuth2 dance; you own your app.

1. Register your client

Create an OAuth2 client from the dashboard: give it a name, redirect URIs, and scopes. You get a client_id and a one-time secret.

2. Drop in the SDK

One import in your Next.js middleware or Express app wires up the full OAuth2 authorization-code flow with PKCE. No redirect plumbing, no token-exchange boilerplate.

3. Your users authenticate

They see your branded login page and consent screen, then are redirected back with a session. You call getSession() server-side and get the user's identity.

Ship auth in your next deploy

Sign up, register a client, and drop the middleware into your app. You'll have working auth before your next coffee.