02 / Case Study

AuthPlug

A plug-and-play authentication service developers can drop into any application via REST API, with 2FA included out of the box.

Live · 2023 · Personal Project

Type

SaaS / API Service

Stack

Next.js · Node.js · PostgreSQL

Auth

JWT · TOTP 2FA · Sessions

Status

Live

Authentication, solved.

Drop-in auth for any stack · REST API · 2FA included

The Problem

Developers rebuild authentication from scratch on every project.

Registration, login, password reset, email verification, JWT token management, session expiry, two-factor authentication. Every new application needs all of this. And most developers build it from scratch every time, spending days on a problem that's already been solved thousands of times.

Existing solutions either require vendor lock-in (Auth0, Clerk) with high per-user pricing at scale, or they're incomplete libraries that still leave the developer responsible for integrating all the pieces correctly.

AuthPlug was built to offer a third path: a self-hostable, framework-agnostic service that you integrate once via REST API and never think about again.

The Approach

One API call to register. One to log in. Everything else handled.

AuthPlug exposes a clean REST API that any application can call, regardless of the framework it uses. The calling application never stores passwords or tokens directly; AuthPlug handles all credential management and returns short-lived JWTs with configurable expiry. 2FA is opt-in per user and uses TOTP, compatible with any authenticator app.

POST /auth/register

{
  "email": "user@example.com",
  "password": "••••••••••••"
}

// Response
{
  "token": "eyJhbGciOiJIUzI1...",
  "user": { "id": "usr_01...", "email": "..." },
  "expiresIn": 3600
}

Screens

Clean flows for developers and end users.

Developer Dashboard

authplug.vercel.app

My Project

Active

API Key

ap_live_xKj8mN2pQr...

Registered users: 1,240
Active sessions: 89
2FA enabled: 312

Login Flow

Sign In

Email

Password

Sign In

Forgot password?

2FA Setup

Enable 2FA

Scan with any authenticator app

Or enter code manually

JBSW Y3DP EHPK 3PXP

Key Features

Full auth, zero setup time.

REST API

Clean, documented endpoints for registration, login, logout, token refresh, and user management. Works with any frontend or backend.

TOTP Two-Factor Auth

TOTP-based 2FA compatible with Google Authenticator, Authy, and any RFC 6238 compliant app. Opt-in per user.

JWT Token Management

Stateless authentication using signed JWTs with configurable expiry, automatic refresh, and revocation support.

Session Handling

Persistent sessions with device tracking, concurrent session limits, and forced logout from all devices.

Password Reset Flow

Secure password reset via time-limited email tokens, with configurable expiry and rate limiting to prevent abuse.

Developer Dashboard

API key management, user analytics, session monitoring, and integration health checks in a single dashboard.
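
The TOTP feature above relies on RFC 6238 verification with a bounded time window. The following is an added Node.js example, not AuthPlug's own code: the function names, the ±1 step window and the `lastCounter` replay check are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Decode a base32 secret as shown on a 2FA setup screen (spaces, case, padding ignored).
function base32Decode(text) {
  const bytes = [];
  let bits = 0, value = 0;
  for (const ch of text.replace(/[\s=]/g, "").toUpperCase()) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error("invalid base32 character");
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the leftover low bits
    }
  }
  return Buffer.from(bytes);
}

// HOTP (RFC 4226) for one counter value; TOTP is HOTP over floor(time / step).
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = createHmac("sha1", key).update(msg).digest();
  const bin = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff; // dynamic truncation
  return String(bin % 10 ** digits).padStart(digits, "0");
}

function totp(secretB32, unixSeconds, step = 30) {
  return hotp(base32Decode(secretB32), Math.floor(unixSeconds / step));
}

// Accept a code from the current step or `window` steps either side (clock drift).
// lastCounter is the last step accepted for this user; reusing it is a replay.
function verifyTotp(secretB32, code, unixSeconds, opts = {}) {
  const { window = 1, step = 30, lastCounter = -1 } = opts;
  if (!/^\d{6}$/.test(code)) return null;
  const key = base32Decode(secretB32);
  const now = Math.floor(unixSeconds / step);
  let matched = null;
  for (let c = Math.max(0, now - window); c <= now + window; c++) {
    const ok = timingSafeEqual(Buffer.from(hotp(key, c)), Buffer.from(code));
    if (ok && c > lastCounter) matched = c;
  }
  return matched; // caller persists this as the new lastCounter
}
```

A wider `window` tolerates more clock drift but lengthens the period in which a captured code stays valid, so the accepted counter should be stored per user and passed back as `lastCounter` on the next attempt.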

Conclusion

Authentication should be a solved problem.

AuthPlug was built out of frustration. Every new project I started required the same authentication setup: register, log in, reset password, generate tokens, handle expiry, add 2FA if required. It's boilerplate, and yet every team rebuilds it from scratch.

The goal with AuthPlug was to make it genuinely drop-in. Not a library that still requires configuration and wiring. A running service that accepts HTTP calls and returns working auth tokens. A developer should be able to add full authentication to an application in under an hour.

Building it also deepened my understanding of security principles around credential storage, token signing, TOTP time windows, and safe password reset flows. These aren't things you encounter at depth unless you build the system yourself.
