Open-source authentication infrastructure for B2B and B2B2C products.
This public repository contains the Rust API, the TypeScript SDKs and adapters, and the lightweight embedded web client used by the standalone Linux bundles. The larger internal multi-tenant operations dashboard is not part of this repo.
| Path | Description |
|---|---|
| api/ | Rust API and standalone binaries (sso_sqlite, sso_psql, sso_mysql). |
| lite-web-client/ | Embedded setup and end-user journey UI served directly by the API binary. |
| sso-sdk/ | Framework-agnostic TypeScript SDK. |
| packages/authos-react/ | React and Next.js adapter package. |
| packages/authos-vue/ | Vue 3 and Nuxt adapter package. |
| packages/authos-node/ | Node.js server adapter package. |
| packages/authos-cli/ | Scaffolding CLI package. |
| scripts/authos-standalone/ | Standalone Linux installer sources bundled into release artifacts. |
| scripts/authos-bootstrap/ | Release bundle builder for compressed standalone artifacts. |
The embedded lite client is the public-facing bootstrap surface for the standalone build. It is intentionally narrower than the internal admin dashboard.
It covers:
- hosted sign-in and sign-up journeys
- email verification and password reset flows
- invitation acceptance
- a single-platform setup workspace
- platform owner account and organization basics
- lightweight application and end-user management
- managed config editing through structured form fields
It does not expose the full internal multi-tenant operations surface.
AuthOS maintains source-verified Agent Skills for integration and operations workflows:
AuthOS can run without Docker and without Node.js on the target server.
The standalone SQLite bundle contains:
- the `authos` binary
- the embedded lite web client
- `install.sh`
- the standalone installer helper
- `authos.config.example.json`
The intended public release targets are:
- `linux/amd64`
- `linux/arm64`
Tagged releases also publish Docker images for all three database backends on Docker Hub:
- SQLite default: `editoredit/sso:latest`, `editoredit/sso:vX.Y.Z`, `editoredit/sso:X.Y.Z`
- Explicit SQLite: `editoredit/sso:sqlite-latest`, `editoredit/sso:sqlite-vX.Y.Z`, `editoredit/sso:sqlite-X.Y.Z`
- PostgreSQL: `editoredit/sso:psql-latest`, `editoredit/sso:psql-vX.Y.Z`, `editoredit/sso:psql-X.Y.Z`
- MySQL: `editoredit/sso:mysql-latest`, `editoredit/sso:mysql-vX.Y.Z`, `editoredit/sso:mysql-X.Y.Z`
Every `v*` release tag publishes the exact git tag alias and a compatibility alias without the leading `v`.
On a Linux host with systemd and python3:
```bash
curl -fsSL -o install.sh https://github.com/drmhse/AuthOS/releases/latest/download/install.sh
chmod +x install.sh
sudo ./install.sh
```
The release installer detects amd64 vs arm64, downloads the matching standalone bundle, extracts it, and runs the bundled installer.
If you want a specific release instead of the latest one:
```bash
AUTHOS_VERSION=v0.1.50
curl -fsSL -o install.sh "https://github.com/drmhse/AuthOS/releases/download/${AUTHOS_VERSION}/install.sh"
chmod +x install.sh
sudo AUTHOS_RELEASE_TAG="${AUTHOS_VERSION}" ./install.sh
```
Two supported bootstrap modes:
- Zero-config install: run `sudo ./install.sh` with no config file. AuthOS starts, prints a one-time bootstrap link, and the lite client opens the setup workspace at `/app#setup`.
- File-driven install: copy `authos.config.example.json` to `authos.config.json`, edit it, then run `sudo ./install.sh --config ./authos.config.json`.
The setup workspace writes back to the managed config.json on disk and can queue a reload of the running service after changes are saved.
The standalone installer supports an optional Caddy front-end for domain-based deployments. Host-level install controls stay outside the web-editable config surface; once the local admin enables Caddy, the managed setup form can update the domain-facing configuration and trigger a safe reload.
Prerequisites for building standalone bundles locally:
- Node.js 18+
- Rust stable
- `cargo-zigbuild`
- `zig`
- `upx`
- `binutils` (`objdump`)
Install workspace dependencies:
```bash
npm install
```
Build a compressed standalone bundle:
```bash
npm run authos:binary -- --backend sqlite --platform linux/amd64
npm run authos:binary -- --backend sqlite --platform linux/arm64
```
Artifacts are written to `.authos/releases/`.
The build path does three relevant things before emitting the archive:
- Vite tree-shakes the lite client production assets
- Rust builds with the size-focused release profile in api/Cargo.toml
- `upx --best --lzma` compresses the shipped binary and verifies the packed executable
The bundle builder also prints section and size information so the binary footprint can be checked before release automation is changed.
The release workflow lives in .github/workflows/release.yml.
It:
- builds the shared frontend assets once
- fans out the backend and architecture compiles in parallel for:
  - `sqlite` `linux/amd64`
  - `sqlite` `linux/arm64`
  - `postgres` `linux/amd64`
  - `postgres` `linux/arm64`
  - `mysql` `linux/amd64`
  - `mysql` `linux/arm64`
- reuses those outputs for both standalone bundle publishing and Docker image publishing
- attaches the standalone bundles and checksums to tagged GitHub releases
- publishes multi-arch Docker images with exact tag aliases and compatibility aliases without the leading `v`
Tag pushes matching v* publish both standalone assets and Docker images. workflow_dispatch still builds release inputs without requiring a tag.
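
The release workflow attaches checksums to tagged releases; a fail-closed check of a downloaded asset against such a file, run before the installer is started as root, could look like this. This is an added example, not code from the AuthOS repository: the `sha256sum`-style checksum format, the function name `verify_asset`, and the file names in the demo are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not AuthOS project code): fail-closed SHA-256 check of a
# downloaded release asset. Assumes a checksum file in sha256sum format,
# "<64 hex>  <filename>", with no spaces in file names.

# verify_asset <asset-path> <checksum-file>
# Returns 0 only if exactly one entry names the asset and its digest matches.
verify_asset() {
  local asset="$1" sums="$2" name expected actual count
  [ -f "$asset" ] && [ -f "$sums" ] || { echo "missing input file" >&2; return 2; }
  name="$(basename -- "$asset")"

  # Digests of entries whose file name equals the asset name; a leading "*"
  # (binary-mode marker) or "./" on the name is tolerated.
  expected="$(awk -v n="$name" '
    { f = $2; sub(/^\*/, "", f); sub(/^\.\//, "", f) }
    f == n { print tolower($1) }' "$sums")"

  # No entry, or several, is a failure: "not listed" must never pass.
  count="$(printf '%s\n' "$expected" | grep -c . || true)"
  if [ "$count" -ne 1 ]; then
    echo "expected exactly one checksum entry for $name" >&2; return 3
  fi

  # Reject anything that is not a 64-character hex SHA-256 digest.
  printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$' || {
    echo "malformed digest for $name" >&2; return 4; }

  actual="$(sha256sum -- "$asset" | awk '{print $1}')"
  [ "$actual" = "$expected" ] || { echo "digest mismatch for $name" >&2; return 1; }
}

# Constructed demo: throwaway asset and checksum file (placeholder names).
demo_dir="$(mktemp -d)"
printf 'constructed bundle bytes\n' > "$demo_dir/bundle.tar.gz"
(cd "$demo_dir" && sha256sum bundle.tar.gz > SHA256SUMS.txt)
verify_asset "$demo_dir/bundle.tar.gz" "$demo_dir/SHA256SUMS.txt" && echo "verified"
rm -rf "$demo_dir"
```

A checksum file fetched from the same release only detects corruption or a swapped asset, not a compromised release, so pin `AUTHOS_VERSION` to a reviewed tag rather than `latest` when using it.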
If you want the raw API without the standalone installer:
```bash
cd api
cp .env.example .env
cargo run --release
```
Keep `PLATFORM_BASE_URL` pointed at the embedded lite client unless you are explicitly handing off to a separate full web client. With the default example env, that means leaving it on `http://localhost:3001`.
For direct Cargo work, the API will still compile if lite-web-client/dist has not been built yet. In that case it embeds a placeholder page instead of failing the build.
Install only the package you need:
```bash
npm install @drmhse/authos-react
npm install @drmhse/authos-vue
npm install @drmhse/authos-node
```
Nuxt and Vue users can configure either `baseURL` or `baseUrl`; both are supported by the public adapter runtime.
Typical verification commands:
```bash
npm run build
npm run typecheck
cd api && cargo check
```
To validate the standalone packaging path specifically:
```bash
npm --workspace lite-web-client run build
cargo check --manifest-path api/Cargo.toml --no-default-features --features db_sqlite --bin sso_sqlite
npm run authos:binary -- --backend sqlite --platform linux/amd64
npm run authos:docker:dist -- --backend sqlite
```
AuthOS is split across two first-party license buckets:
- API: AGPL-3.0-only
- SDKs and packages: MIT
Vendored third-party code keeps its upstream notices in place under its own directory. See LICENSE for the repository licensing map.