Open Source2022·Core Author

Cipher Auth SDK

Zero-trust authentication for modern web applications

TypeScriptOAuthWebAuthn

View Code

50K+

Weekly Downloads

1.2K

GitHub Stars

Auth Methods

12KB

Bundle Size

Overview

Cipher Auth is a developer-first authentication SDK that brings zero-trust security principles to web applications of any scale. It supports WebAuthn biometrics, hardware security keys, and traditional credential flows.

The SDK handles the full OAuth 2.0 and OIDC lifecycle — authorization code flow, PKCE, token rotation, and silent refresh — with a clean, framework-agnostic API that integrates in minutes.

Security-first design means tokens are never stored in localStorage, refresh tokens are rotated on every use, and all cryptographic operations use the Web Crypto API.

Key Features

WebAuthn / FIDO2 biometric and hardware key support
OAuth 2.0 + OIDC with PKCE and silent token refresh
Automatic JWT rotation with sliding session windows
Framework adapters for React, Vue, and Svelte
Built-in CSRF protection and secure cookie handling
Comprehensive TypeScript types and JSDoc coverage

Engineering Challenges

Abstracting WebAuthn's complex ceremony flow into a simple two-method API

Ensuring token refresh is race-condition-free across multiple browser tabs

Keeping the bundle under 15KB while supporting 8 authentication methods

More Projects

NexaCloud Platform

DataStream API

All Projects