Introduction
Aura Auth is a modern, type-safe authentication for TypeScript — built for security, extensibility, and developer experience.
Aura Auth is an open-source authentication and authorization library for modern TypeScript applications built on web standards like Web Standards, Crypto and OAuth 2.0, inspired by Auth.js; it delivers a type-safe, framework-agnostic, runtime-agnostic and modular API to implement secure authentication flows with first-class support for OAuth 2.0 and focuses on three core pillars: Security (strong, opinionated defaults), Developer Experience (simple ergonomics, complete TypeScript support), and Modularity (use only the features you need).
Features
Framework-agnostic
Seamlessly integrate with any web framework (Next.js, Elysia, Cloudflare Workers, etc.).
Runtime-agnostic
Run on any runtime using Web Standards APIs (Request, Response, Web Crypto).
OAuth 2.0
First-class support for OAuth 2.0 flows (Authorization Code with PKCE, Device Authorization).
Type-first API
Written entirely in TypeScript with strong types, full IntelliSense, and predictable ergonomics.
Composable
Built from small, focused packages — use only what you need (auth handlers, JOSE helpers, cookie utilities).
Secure by default
Strong defaults for PKCE, state validation, secure cookies, redirect validation, and CSRF protection.
Official OAuth Providers
GitHub
Github OAuth Provider
Bitbucket
Bitbucket OAuth Provider
Figma
Figma OAuth Provider
Discord
Discord OAuth Provider
X (Twitter)
X (Twitter) OAuth Provider
Spotify
Spotify OAuth Provider
Additional providers such as GitLab, Mailchimp, Notion, Pinterest, Strava, Atlassian and list of 15+ providers. See the OAuth Providers section for the full list.