🌍 Authentication at the Speed of Light - Globally distributed, zero-latency auth built on Cloudflare's edge
Core Capabilities: JWT Authentication | OAuth 2.0 Provider | SSO Sessions | Admin Management
Serverless authentication service that runs on Cloudflare Workers - simple, secure, and globally fast
Architecture | Schema | API
Built on Cloudflare Workers, your authentication runs in 300+ cities worldwide. Users get sub-10ms response times, no matter where they are.
No complex setup. No infrastructure management. Just deploy and use.
// That's it. Authentication in 3 lines.
const token = await auth.login(email, password);
const user = await auth.verify(token);
const session = await sso.createSession(user);Built with Domain-Driven Design and clean architecture principles:
- Domain Layer: Pure business logic
- Core Layer: Technical implementation (crypto, JWT, persistence)
- Services Layer: Edge-native workers
- PBKDF2 password hashing with Web Crypto API
- HS256 JWT tokens
- Secure session management
- Built-in rate limiting (coming soon)
# Clone the repository
git clone https://github.com/Deepractice/EdgeAuth.git
cd EdgeAuth
# Install dependencies
pnpm installAutomated deployment via GitHub Actions:
- Create a
release/v0.x.xbranch - Merge to
main - Deployment happens automatically!
Required GitHub Secrets:
CLOUDFLARE_API_TOKEN # Cloudflare API token with D1 and Workers permissions
GH_PAT # GitHub Personal Access Token with repo and workflow permissions
JWT_SECRET # Secret key for JWT signing (generate with: openssl rand -base64 32)
PLUNK_API_KEY # Plunk email service API keyAll secrets are automatically configured to Workers during deployment - no manual Cloudflare secret management needed!
One-command setup:
# Set up local environment (creates local DBs, runs migrations)
pnpm setup:local
# Start a worker
cd services/account-api && wrangler dev- ✨ Email/Username + Password Authentication
- 🔑 JWT Token Generation & Validation
- 🔐 Secure Password Hashing (PBKDF2)
- 🌍 Edge-Native Performance
- 📦 Cloudflare D1 Persistence
- 🎯 Clean REST API
- 📚 Full TypeScript Support
- 🔄 SSO Session Management
- 👨💼 Admin Management API
- 🔌 OAuth 2.0 Provider (complete)
- 📧 Email Verification
- 🔄 Password Reset Flow
- 🎨 Admin Dashboard (UI)
- 📦 SDK Libraries (JS/TS, Python, Go)
- ⚡ Refresh Token Support
- 🚦 Rate Limiting
- 🔗 OAuth Providers (GitHub, Google, etc.)
EdgeAuth uses a single database architecture with Cloudflare's native migration system:
┌─────────────────────────────────────────────────────┐
│ edgeauth-db (Single Database) │
│ • users table │
│ • sso_sessions table │
│ • oauth_clients, tokens tables │
└─────────────────────┬───────────────────────────────┘
│
┌─────────────┼─────────────────┐
▼ ▼ ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Admin Worker │ │ SSO Worker │ │ OAuth Worker │
│ • User CRUD │ │ • Auth flow │ │ • OAuth 2.0 │
│ • Binds: DB │ │ • Binds: DB │ │ • Binds: DB │
└──────────────┘ └──────────────┘ └──────────────┘
edgeauth-db- All tables in one databaseusers- User accountssso_sessions- SSO sessionsoauth_clients,authorization_codes,access_tokens,refresh_tokens- OAuth
- ✅ Cloudflare native migrations (automatic tracking)
- ✅ Idempotent deployments
- ✅ Simplified management
- ✅ No cross-database complexity
📖 Read Full Architecture Docs →
POST /auth/register
Content-Type: application/json
{
"email": "user@example.com",
"username": "username",
"password": "securepassword"
}POST /auth/login
Content-Type: application/json
{
"account": "user@example.com", // email or username
"password": "securepassword"
}Response:
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"user": {
"id": "user_123",
"email": "user@example.com",
"username": "username"
}
}GET /auth/me
Authorization: Bearer <token># Run all tests
pnpm test
# Watch mode
pnpm test:dev
# Coverage
pnpm test:cipnpm typecheck# Format all files
pnpm format
# Check formatting
pnpm format:check| Category | Technology |
|---|---|
| Runtime | Cloudflare Workers |
| Database | Cloudflare D1 (SQLite) |
| Framework | Hono |
| Language | TypeScript 5.9+ |
| Build | tsup, Turbo |
| Test | Vitest + BDD (Cucumber) |
| Security | Web Crypto API (PBKDF2), JWT (HS256) |
| Monorepo | pnpm workspaces |
EdgeAuth/
├── migrations/ # Database migrations (Cloudflare native)
├── src/
│ ├── core/ # Technical core (crypto, JWT, persistence)
│ └── domain/ # Business logic (User, OAuth, SSO)
├── services/
│ ├── admin-api/ # Admin API
│ ├── account-api/ # User registration & login
│ ├── oauth-api/ # OAuth 2.0 Provider
│ └── sso-api/ # SSO authentication
├── .github/workflows/ # CI/CD pipelines
├── docs/ # Documentation
└── scripts/ # Development scripts
Contributions are welcome! Please read our Contributing Guide for details.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Proudly brought to you by Deepractice
Making AI your professional partner
🌐 Official Site | 🔧 GitHub | 📚 Documentation | 💬 Forum | 🎮 Discord
Scan to connect with Sean (Founder & CEO) on WeChat