Provider-grade auth, owned by your infrastructure
Build login, MFA, passkeys, OAuth, JWT validation, and audit trails from one service.
AuthService gives companies a production-ready authentication layer with tenant isolation, REST and gRPC APIs, refresh-token rotation, JWKS, rate limits, and integration patterns for browser, mobile, backend, and microservice products.
Multi-tenant by default
Each product or environment gets isolated users, API keys, origins, sessions, and signing material.
Modern auth flows
Email/password, magic links, TOTP, OAuth2, and WebAuthn passkeys are documented in one reference.
Microservice friendly
Validate JWTs locally with JWKS or the Go validator, or call the gRPC TokenService.
Operator visibility
Client provisioning, key rotation, health checks, JWKS, and queryable audit events are built in.
Integration path
- 1Create a client with the admin API and save the returned API key.
- 2Choose cookie mode for browser sessions or token mode for native, CLI, SSR, and API clients.
- 3Authenticate users through signup, login, OAuth, magic links, TOTP, or passkeys.
- 4Validate access tokens in your product APIs with JWKS, gRPC, or the Go validator package.
Production login request
Token transport returns a refresh token in JSON for non-browser clients. Browser clients can omit token_transport and use the HttpOnly cookie.
curl -X POST https://authservice.ayushojha.com/api/auth/login \
-H "X-API-Key: $AUTH_SERVICE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "correct-horse-battery-staple",
"token_transport": "json"
}'