ScalixScalix Docs
Sign up

Authentication

End-user authentication with email, OAuth, MFA, and session management

Overview

Scalix Auth provides complete user authentication for your applications. It includes signup/login flows, OAuth providers, multi-factor authentication, and session management — all accessible through the REST API or client SDK.

Quick Start

typescript
import { ScalixAuthClient } from "@scalix-world/auth";
 
const auth = new ScalixAuthClient({ url: "https://api.scalix.world" });
 
// Sign up
const { user, session } = await auth.signUp("user@example.com", "secure-password");
 
// Sign in
const result = await auth.signInWithPassword("user@example.com", "secure-password");
console.log(result.session.access_token);

Sign-In Methods

MethodDescription
Email/PasswordTraditional credentials with Argon2id hashing
Magic LinkPasswordless email link
Phone OTPSMS verification code
Google OAuthSign in with Google
GitHub OAuthSign in with GitHub
AnonymousGuest sessions that can be converted later
MFA (TOTP)Time-based one-time passwords

Token Lifecycle

TokenLifetimePurpose
Access Token1 hourAPI authentication (ES256 JWT)
Refresh Token7 daysObtain new access tokens
Verification Token1-24 hoursEmail/phone verification

Security

  • Password hashing: Argon2id with per-user salts
  • Account lockout: Configurable failed login threshold
  • TOTP encryption: AES-256-GCM for stored secrets
  • Recovery codes: One-time backup codes for MFA
  • Captcha: Cloudflare Turnstile integration for bot prevention