Authentication
End-user authentication with email, OAuth, MFA, and session management
Overview
Scalix Auth provides complete user authentication for your applications. It includes signup/login flows, OAuth providers, multi-factor authentication, and session management — all accessible through the REST API or client SDK.
Quick Start
typescript
import { ScalixAuthClient } from "@scalix-world/auth";
const auth = new ScalixAuthClient({ url: "https://api.scalix.world" });
// Sign up
const { user, session } = await auth.signUp("user@example.com", "secure-password");
// Sign in
const result = await auth.signInWithPassword("user@example.com", "secure-password");
console.log(result.session.access_token);Sign-In Methods
| Method | Description |
|---|---|
| Email/Password | Traditional credentials with Argon2id hashing |
| Magic Link | Passwordless email link |
| Phone OTP | SMS verification code |
| Google OAuth | Sign in with Google |
| GitHub OAuth | Sign in with GitHub |
| Anonymous | Guest sessions that can be converted later |
| MFA (TOTP) | Time-based one-time passwords |
Token Lifecycle
| Token | Lifetime | Purpose |
|---|---|---|
| Access Token | 1 hour | API authentication (ES256 JWT) |
| Refresh Token | 7 days | Obtain new access tokens |
| Verification Token | 1-24 hours | Email/phone verification |
Security
- Password hashing: Argon2id with per-user salts
- Account lockout: Configurable failed login threshold
- TOTP encryption: AES-256-GCM for stored secrets
- Recovery codes: One-time backup codes for MFA
- Captcha: Cloudflare Turnstile integration for bot prevention