Authentication, simplified.
A next-generation authentication platform built for developers who demand security, simplicity, and speed.
Passwordless magic-link authentication. OAuth 2.0 flows. HTTP-only cookies. Zero tokens exposed to JavaScript.
Built for production from day one
Enterprise-grade security with developer-friendly APIs
Security-first architecture
Every decision made with security as the primary concern
HTTP-only Cookies
Session tokens stored in HTTP-only cookies. Zero exposure to JavaScript. XSS attacks can't steal your tokens.
Passwordless Auth
Magic-link authentication eliminates password storage. No passwords means no password breaches.
Token Hashing
All tokens SHA-256 hashed before storage. Database breach doesn't expose usable tokens.
Server Validation
Every request validated server-side. No client-side auth state that can be manipulated.
App-Scoped Users
Users isolated per application. Cross-app data leakage prevented by design.
One-Time Codes
Authorization codes deleted after use. Replay attacks impossible.
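The "Token Hashing" and "One-Time Codes" properties above, combined in one store, as an added example that is not Ezz-Auth's own code. The function names, the in-memory Map standing in for the database, and the 60-second code lifetime are assumptions made for illustration.

```javascript
// Added example (not Ezz-Auth's code): hashed, single-use authorization codes.
const { createHash, randomBytes } = require('node:crypto');

// Assumed lifetime for an authorization code; the page does not state one.
const CODE_TTL_MS = 60_000;

// Stand-in for the database table.
// key = SHA-256(code) as hex, value = { userId, expiresAt }.
// The raw code is never stored, so a dump of this table holds nothing redeemable.
const codeStore = new Map();

function sha256Hex(value) {
  return createHash('sha256').update(value, 'utf8').digest('hex');
}

// Issue a code: the caller receives the raw value, the store keeps only its hash.
function issueCode(userId, now = Date.now()) {
  const code = randomBytes(32).toString('base64url'); // 256 bits from the CSPRNG
  codeStore.set(sha256Hex(code), { userId, expiresAt: now + CODE_TTL_MS });
  return code;
}

// Redeem a code: look it up by hash and delete it before any other check,
// so a second presentation of the same code (a replay) finds nothing.
// With a real database the lookup and delete must be one atomic statement,
// otherwise two concurrent requests could both redeem the same code.
function redeemCode(code, now = Date.now()) {
  if (typeof code !== 'string' || code.length === 0) return null;
  const key = sha256Hex(code);
  const record = codeStore.get(key);
  if (!record) return null;          // unknown or already used
  codeStore.delete(key);             // single use, even if it proves expired
  if (now > record.expiresAt) return null;
  return { userId: record.userId };
}
```

Because the code is a high-entropy random value and the lookup is by its hash, an unsalted SHA-256 is sufficient here; the same would not hold for low-entropy secrets such as passwords.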
How Ezz-Auth works
OAuth 2.0 style flow with passwordless magic-link authentication
User clicks sign in
Your app redirects to Ezz-Auth with your app_key and redirect_uri
Magic link sent
User enters email, receives a secure magic link (expires in 15 minutes)
Session created
User clicks link, Ezz-Auth creates HTTP-only session cookie
Auth code returned
User redirected back to your app with one-time authorization code
Token exchange
Your server exchanges code for session token using secret key
User authenticated
Fetch user info anytime with the session token. Done!
Simple integration
Add authentication to your app in minutes
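// Redirect user to Ezz-Auth
const url = new URL('/api/app/v1/authorize', 'https://ezz-auth.com');
url.searchParams.set('app_key', APP_KEY);
url.searchParams.set('redirect_uri', CALLBACK);
window.location.href = url.toString();

// In your callback handler (runs on your server; SECRET must never reach the browser)
const { code } = req.query;
// A server-side fetch needs an absolute URL; same host as the authorize endpoint above
const res = await fetch('https://ezz-auth.com/api/app/v1/token', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${SECRET}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ code }),
});
// Stop here if the code was rejected instead of parsing an error body as a session
if (!res.ok) throw new Error(`Token exchange failed: ${res.status}`);
const { user, sessionToken } = await res.json();
Modern tech stack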
Built with the latest technologies for performance and reliability
Ready to secure your app?
Get started in minutes. No credit card required. Free during beta.