I’ve been building an open source authentication system called Seamless Auth.
It is designed around the idea:
Authentication should behave like infrastructure, help promote security, and be easy to reason about.
Seamless Auth is:
Fully open source
Passwordless only (WebAuthn, passkeys, OTP)
Cookie-based session validation
No redirect-based login flows
Designed to run inside your own infrastructure
The core is framework-agnostic, with adapters for Express today. There is also a React SDK that exposes authenticated session state without client-side token management.
It supports:
Server-side session validation
Explicit CORS and origin configuration
Isolated infrastructure model for you to self-host
A production-shaped local development flow with Docker
You can run it locally with 3 commands thanks to the open source CLI tool:
npx create-seamless my-app
cd my-app
docker compose up
This spins up a template UI (React), a template API (Express), the auth server, and a database (Postgres) complete with migrations.
The project grew out of frustration with:
Redirect-heavy OAuth flows
Shared multi-tenant auth servers
Magic SDKs that hide too much
Development environments that do not resemble production
and worst of all... forgetting my damn password!
The goal is not to replace everything. It is to offer a transparent, inspectable, infrastructure-first alternative for teams that care about understanding their authentication layer.
I would appreciate feedback on:
Architecture decisions
Security assumptions
Developer experience
Tradeoffs I may be missing
Repository:
Auth Server: https://github.com/fells-code/seamless-auth-api
CLI: https://github.com/fells-code/create-seamless
React SDK: https://github.com/fells-code/seamless-auth-react/tree/main
Server SDKs: https://github.com/fells-code/seamless-auth-server
Documentation: https://docs.seamlessauth.com
Happy to answer questions.