
Developer Tools & Open Source

Open Source Authentication Framework

nauth-toolkit

Team: 3+

Launch: Q2 2026


Overview

Why We Built It

After implementing auth across dozens of client projects — each with its own mix of MFA, social login, JWT strategies, and session management — we saw the same patterns repeated everywhere. The choice was always the same: accept SaaS vendor lock-in and per-user pricing, or stitch together scattered libraries and hope there are no gaps.

We extracted our battle-tested patterns into an open-source library. Not a service — a framework-agnostic TypeScript package that lives in your codebase, under your control. NestJS, Express, and Fastify supported out of the box, with every feature modular and optional.

Architecture

How It Works

A zero-dependency TypeScript core with framework adapters for NestJS (decorators + guards), Express (middleware), and Fastify (plugins). Passwords are hashed with Argon2id (OWASP recommended). JWT supports both RS256 and HS256 with automatic key rotation. Refresh token rotation includes reuse detection to block token theft.

MFA is fully pluggable: TOTP, SMS OTP, email OTP, and WebAuthn passkeys. Social auth for Google, Apple, and Facebook through a unified callback interface. CSRF protection and IP geolocation suspicious-login detection are built in — not afterthoughts.

Supported Frameworks

NestJS, Express, Fastify

Core Technologies

TypeScript, Argon2id, RS256/HS256, WebAuthn, TOTP, OAuth 2.0

Features

What's included

01

Multi-Factor Authentication

TOTP (authenticator apps), SMS OTP, email OTP, and WebAuthn passkeys. Pluggable strategies -- use one or combine several.

02

Social Authentication

Google, Apple, and Facebook OAuth with a unified callback interface. Add custom providers through the extensible adapter pattern.

03

JWT with Key Rotation

RS256 asymmetric and HS256 symmetric signing. Automatic key rotation, refresh token rotation with reuse detection, and configurable expiry.

04

Argon2id Password Hashing

OWASP-recommended password hashing with configurable memory, iterations, and parallelism parameters. Automatic hash migration on login.

05

Security Built-In

CSRF protection, IP geolocation for suspicious login detection, rate limiting hooks, and comprehensive audit logging interfaces.

06

Framework Agnostic

Pure TypeScript core with first-class adapters for NestJS, Express, and Fastify. Plugin architecture for extending to any Node.js framework.

Integrations

Social auth providers

Google

OAuth 2.0 integration with Google Sign-In. Supports ID token verification, profile data retrieval, and account linking.

Apple

Sign in with Apple support including email relay, name sharing preferences, and cross-platform compatibility.

Facebook

Facebook Login with configurable scopes, profile data mapping, and long-lived token exchange.
