Auth Backend

Auth Backend is a production-ready authentication service built with Fastify, Supabase, and TypeScript. It provides a complete authentication solution with multiple login strategies, secure token management, and flexible deployment options.

Quickstart

Get your authentication backend running in minutes

Configuration

Configure environment variables and Supabase settings

API Reference

Explore the full REST API documentation

OAuth Guide

Set up Google and Apple Sign-In with PKCE

Features

Email & Password Auth

Secure user registration and login with Zod-validated inputs and strong password requirements

OTP / Passwordless

Send one-time passwords via email for frictionless, passwordless authentication

OAuth (Google & Apple)

Full OAuth 2.0 with PKCE flow for Google and Apple Sign-In — no client secrets required

JWT Token Management

Access and refresh tokens stored in secure HTTP-only cookies with automatic rotation

Password Reset

Secure, email-based password recovery with redirect links

Docker & Cloudflare

Deploy with Docker or as a Cloudflare Worker for serverless edge authentication

Tech Stack

Component	Technology
Framework	Fastify 4
Auth Provider	Supabase
Validation	Zod
Language	TypeScript
Testing	Vitest
Logging	Pino
Package Manager	pnpm

API Overview

All endpoints are prefixed with /api/v1/auth. The base URL depends on your deployment environment:

Development: http://localhost:8080/api/v1/auth
Production:  https://your-domain.com/api/v1/auth

Available endpoints

Method	Endpoint	Description	Auth Required
`GET`	`/health`	Server health check	No
`POST`	`/api/v1/auth/signup`	Register a new user	No
`POST`	`/api/v1/auth/login`	Email/password login	No
`POST`	`/api/v1/auth/login/otp`	Request OTP via email	No
`POST`	`/api/v1/auth/verify-otp`	Verify OTP code	No
`POST`	`/api/v1/auth/refresh`	Refresh access token	No (cookie)
`POST`	`/api/v1/auth/logout`	Log out current user	Yes
`POST`	`/api/v1/auth/forgot-password`	Request password reset	No
`POST`	`/api/v1/auth/reset-password`	Reset with new password	Yes
`GET`	`/api/v1/auth/oauth/:provider`	Get OAuth authorization URL	No
`POST`	`/api/v1/auth/oauth/:provider/callback`	Handle OAuth callback	No
`GET`	`/api/v1/auth/me`	Get current user profile	Yes
`POST`	`/api/v1/auth/validate-token`	Validate or refresh token	No

Error Format

All errors follow a consistent JSON format:

{
  "success": false,
  "error": {
    "message": "Human-readable error message",
    "code": "ERROR_CODE",
    "details": []
  }
}

Auth Backend uses Supabase as its authentication provider. You will need a Supabase project to use this service. See the Configuration guide to get set up.

Get Started

Authentication Guides

Deployment

Error Handling

Introduction

Auth Backend

Quickstart

Configuration

API Reference

OAuth Guide

Features

Email & Password Auth

OTP / Passwordless

OAuth (Google & Apple)

JWT Token Management

Password Reset

Docker & Cloudflare

Tech Stack

API Overview

Available endpoints

Error Format

Build docs developers (and LLMs) love

Get Started

Authentication Guides

Deployment

Error Handling

Documentation Index

​Auth Backend

Quickstart

Configuration

API Reference

OAuth Guide

​Features

Email & Password Auth

OTP / Passwordless

OAuth (Google & Apple)

JWT Token Management

Password Reset

Docker & Cloudflare

​Tech Stack

​API Overview

​Available endpoints

​Error Format

Build docs developers (and LLMs) love

Auth Backend

Features

Tech Stack

API Overview

Available endpoints

Error Format