Authentication
Complete auth system with email/password, OAuth providers, magic links, JWT tokens, row-level security integration, and multi-tenant user management.
Rach.Dev Authentication gives you a production-ready auth system that works out of the box. Support for email/password, OAuth providers (Google, GitHub, Apple, Microsoft), magic link passwordless login, and phone OTP is included from day one. Every authenticated user gets a JWT that automatically integrates with your database's row-level security policies, so authorization happens at the database layer rather than in scattered application code.
Multi-tenant user management is built into the core. You can create organizations, assign roles, and enforce permissions hierarchically. A user can belong to multiple organizations with different roles in each. Session management includes configurable token lifetimes, refresh token rotation, and the ability to revoke all sessions for a user instantly. We hash passwords with Argon2id, rate-limit login attempts, and detect credential stuffing automatically.
For developers, the authentication API is straightforward. A single function call signs users in, and JWT claims are automatically available in your RLS policies. Custom claims let you attach metadata like subscription tier or feature flags to tokens. Webhook events fire on signup, login, password reset, and account deletion so you can trigger downstream workflows without polling.
Key Benefits
- Email, OAuth, magic link, and phone OTP auth methods ready out of the box
- JWTs integrate directly with Postgres row-level security for database-layer authorization
- Multi-tenant user management with organizations, roles, and hierarchical permissions
- Argon2id password hashing, rate limiting, and credential stuffing detection included
- Custom JWT claims for attaching subscription tiers, feature flags, or metadata
- Webhook events on signup, login, password reset, and deletion for workflow automation