tinyauth

A lightweight, self-hosted OpenID Connect (OIDC) Provider.

Features

• OIDC/OAuth2 Compliant - Authorization Code Flow with PKCE support
• Multiple Auth Methods - Password, Passkey/WebAuthn, Social Login (GitHub, Google, Apple, Generic OAuth)
• Two-Factor Authentication - TOTP and Passkey as 2FA
• Multi-language - English, Korean, Japanese
• Customizable UI - Themes, branding, background images, terms of service
• Database Support - PostgreSQL, SQLite
• Docker Ready - Production-ready container with health checks

Quick Start

docker run -p 8080:8080 -v ./config.yaml:/opt/config.yaml ghcr.io/tinyrack-net/tinyauth

Visit http://localhost:8080/.well-known/openid-configuration to verify the server is running.

Configuration

All configuration is done via config.yaml:

app:
  host: https://auth.example.com
  port: 8080

security:
  session_secret: <your-session-secret>
  hash_secret: <your-hash-secret>

database:
  type: sqlite
  path: data.db

basic_authentication_methods:
  password:
    enabled: true
  passkey:
    enabled: true

See documentation for full configuration options.

Development

pnpm install
pnpm dev

Examples

• examples/clients/nextjs-ssr - Next.js OIDC client
• examples/clients/react-spa - React SPA PKCE client
• examples/servers/cloudflare-hono-d1 - Cloudflare Worker deployment of @tinyauth/backend with the bundled TinyAuth frontend
• examples/servers/node-hono-sqlite - Node.js library-mode deployment of @tinyauth/backend with Hono, SQLite, and the bundled TinyAuth frontend

License

GNU AGPL v3