Melody Auth

Melody Auth is turnkey OAuth & authentication system that can be seamlessly deployed on Cloudflare’s infrastructure, utilizing Workers, D1, and KV, or self-hosted with Node.js, Redis, and PostgreSQL. It provides a robust and user-friendly solution for implementing and hosting your own oauth and authentication system with minimal configuration required.

Why Melody Auth?

1. Self-Controlled

Server Setup (Cloudflare)
Server Setup (Node)
Mailer Setup
SMS Setup
Configurations

• Deploy the entire system within minutes, either using Cloudflare’s infrastructure or self-hosted with Node.js, Redis, and PostgreSQL.
• Minimize DevOps overhead by leveraging Cloudflare, or maintain full control with a self-hosted solution.
• Full access to the source code for customization and scalability.

2. Admin Panel

Admin Panel Setup

• Web interface for managing apps, users, scopes, and roles
• Serves as a simple implementation example using the React SDK and Server-to-Server REST API

3. Server-to-Server REST API

REST API Swagger

• Secure communication channel for backend services using client credentials token exchange flow
• Provides functionalities for managing apps, users, scopes, and roles with scope protection

4. React SDK

React SDK Guidance

• Enables smooth integration between React applications and the authentication server
• Implements Proof Key for Code Exchange (PKCE) for enhanced security

Features Supported

• OAuth 2.0:
  • Authorize
  • Token Exchange
  • Refresh Token Revoke
  • App Consent
  • App Scopes
  • User Info Retrieval
  • openid-configuration
• Authorization:
  • Sign-In
  • Sign-Up
  • Sign-Out
  • Email Verification
  • Password Reset
  • Role-Based Access Control (RBAC)
  • Localization How to support a new locale
• Social Sign-In:
  • Google Sign-In
  • Facebook Sign-In
  • GitHub Sign-In
• Multi-Factor Authentication How to setup MFA:
  • Email MFA
  • OTP MFA
  • SMS MFA
  • MFA Enrollment
• Policy How to trigger a different policy
  • sign_in_or_sign_up
  • change_password
  • change_email
• Mailer Option:
  • SendGrid
  • Mailgun
  • Brevo
  • STMP (Node.js environment only)
• SMS Option:
  • Twilio
• JWT Authentication:
  • RSA256 based JWT Authentication How to verify a SPA access token
  • JWT Secret Rotate How to rotate JWT secret
• Brute-force Protection:
  • Log in attempts
  • Password reset attempts
  • OTP MFA attempts
  • SMS MFA attempts
  • Email MFA attempts
  • Change Email attempts
• Logging:
  • Email Logs
  • SMS Logs
  • Sign-in Logs
• S2S REST API & Admin Panel:
  • Manage Users
  • Manage Apps
  • Manage Scopes
  • Manage Roles
  • View Logs
  • Localization

Screenshots

Authorization Screenshots
Admin Panel Screenshots

License

This project is licensed under the MIT License. See the LICENSE file for details.