Version 3
A framework-agnostic TypeScript authentication library for Stanford Weblogin integration. Designed for serverless, stateless environments with security-first defaults and cookie-only sessions.
- Framework Agnostic: Works with Next.js, Express.js, and any Web API framework
- TypeScript First: Complete TypeScript implementation with strict typing
- Security Focused: Encrypted sessions, CSRF protection
- Serverless Ready: Cookie-only sessions, no server-side storage required
- Edge Compatible: Session validation in edge functions for ultra-fast performance
- Developer Friendly: Simple API inspired by Auth.js patterns
π Getting Started - Installation and basic setup for Next.js and Express.js
βοΈ Configuration - Complete configuration reference and environment variables
π Security - Security features, best practices, and threat protection
β‘ Edge Functions - Ultra-fast session validation in edge environments
π Advanced Usage - Custom implementations, performance optimization, and advanced patterns
π API Reference - Complete API documentation with examples
π Migration Guide - Migrating from v1.x and other authentication libraries
- SAML 2.0 signature validation
- Encrypted cookie sessions
- CSRF protection
- TypeScript-first with strict typing
- Framework-agnostic design
- Simple, intuitive API
- Comprehensive error handling
- Detailed logging with automatic PII redaction
- Serverless/stateless architecture
- Cookie-only sessions (no server storage)
- Comprehensive test coverage
GNU Version 3 License - see LICENSE for details.
Contributions are welcome! Please submit pull requests to our GitHub repository.
Security issues should be reported privately. Please do not open public GitHub issues for security vulnerabilities.
- π Documentation
- π Issues