Central authentication, by 2HAAS

One login for every application you build

Authly handles registration, login, MFA, and user profiles behind a single API. Your applications verify a signed token and get on with their job.

Every way to sign in
Passwords, magic links, and social login through Google, GitHub, Apple, and more. Developers bring their own provider keys or use ours.
One identity everywhere
A user carries one profile, one avatar, and all their emails and phone numbers across every application you connect.
MFA when it matters
Authenticator apps, SMS, and email codes. Enforce it per application or let users choose.
Sessions in plain sight
Device, browser, IP, and location for every login. Users and developers can revoke any session remotely.

verify a token, any stack

import { createRemoteJWKSet, jwtVerify } from "jose";

const jwks = createRemoteJWKSet(
  new URL("https://api.authly.example/.well-known/jwks.json")
);

const { payload } = await jwtVerify(token, jwks, {
  issuer: "https://api.authly.example",
  audience: "your_client_id",
});
// payload.sub is the Authly user id

Works where your users are

Login with Authly follows the OpenID Connect standard. SPAs use PKCE, servers use a client secret, and platforms like WordPress connect through any generic OIDC plugin with a discovery URL.

https://api.authly.example/.well-known/openid-configuration