
Developer Tools & Open Source

Open Source Authentication Framework

nauth-toolkit

Team: 3+

Launch: Q2 2026


Overview

Why We Built It

Authentication is one of the most critical pieces of any application, yet most Node.js developers face the same frustrating choice: use a third-party auth service and accept vendor lock-in and per-user pricing, or cobble together a custom solution from scattered libraries and hope you haven't left a security gap.

After implementing authentication across dozens of client projects -- each with its own combination of MFA, social login, JWT strategies, and session management -- we recognized the opportunity to extract our battle-tested patterns into a reusable, open-source framework. Not a service. Not a SaaS dependency. A library that lives in your codebase, under your control.

nauth-toolkit is framework-agnostic TypeScript authentication for Node.js. It supports NestJS, Express, and Fastify out of the box, with a plugin architecture that makes it extensible to any framework. Every feature is modular -- use what you need, ignore what you don't.

Architecture

How It Works

The core library is a pure TypeScript package with zero framework dependencies. Framework-specific adapters for NestJS, Express, and Fastify wrap the core, providing idiomatic integration patterns -- decorators and guards for NestJS, middleware for Express, and plugins for Fastify.

Password hashing uses Argon2id, the algorithm OWASP currently recommends for password storage. JWT support includes both RS256 (asymmetric) and HS256 (symmetric) signing strategies with automatic key rotation. Refresh token rotation with reuse detection limits the damage from a stolen refresh token rather than preventing theft outright: every refresh issues a new token and retires the old one, and presenting a retired token revokes the entire token family and forces a fresh login, while a legitimate client sees an uninterrupted session.

Multi-factor authentication is comprehensive: TOTP (authenticator apps), SMS OTP, email OTP, and WebAuthn passkeys are all supported as pluggable MFA strategies. Social authentication covers Google, Apple, and Facebook with a unified callback interface. CSRF protection and IP geolocation are built-in security layers.

Supported Frameworks

NestJS, Express, Fastify

Core Technologies

TypeScript, Argon2id, RS256/HS256, WebAuthn, TOTP, OAuth 2.0

Features

What's included

01

Multi-Factor Authentication

TOTP (authenticator apps), SMS OTP, email OTP, and WebAuthn passkeys. Pluggable strategies -- use one or combine several.

02

Social Authentication

Google, Apple, and Facebook OAuth with a unified callback interface. Add custom providers through the extensible adapter pattern.

03

JWT with Key Rotation

RS256 asymmetric and HS256 symmetric signing. Automatic key rotation, refresh token rotation with reuse detection, and configurable expiry.

04

Argon2id Password Hashing

OWASP-recommended password hashing with configurable memory, iterations, and parallelism parameters. Automatic hash migration on login: when the cost parameters are raised, a user's stored hash is transparently recomputed at the new settings on their next successful login.

05

Security Built-In

CSRF protection, IP geolocation for suspicious login detection, rate limiting hooks, and comprehensive audit logging interfaces.

06

Framework Agnostic

Pure TypeScript core with first-class adapters for NestJS, Express, and Fastify. Plugin architecture for extending to any Node.js framework.
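The JWT signing and key-rotation behaviour described under feature 03 (and in the Architecture section), as an added TypeScript example that is not nauth-toolkit's own code. It shows the HS256 half only: a keyring whose active secret rotates after a configured interval, with retired keys kept for a grace window so already-issued tokens keep verifying. The Hs256Issuer class, its method names and the grace-window policy are assumptions for this illustration; the `kid` header and the HS256 MAC follow RFC 7515/7519, and only node:crypto is used.

```typescript
// Added example (not nauth-toolkit code): HS256 JWTs signed from a keyring
// that rotates automatically. Class and method names are assumptions.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

interface SigningKey {
  kid: string;
  secret: Buffer;
  retiredAt?: number; // set when a newer key takes over signing
}

const b64 = (s: string | Buffer): string => Buffer.from(s).toString("base64url");

// Decode a base64url JSON segment; anything that is not a JSON object is rejected.
function parseJson(segment: string): Record<string, unknown> | null {
  try {
    const v: unknown = JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
    return v !== null && typeof v === "object" ? (v as Record<string, unknown>) : null;
  } catch {
    return null;
  }
}

class Hs256Issuer {
  private keys: SigningKey[] = []; // index 0 is the active signing key
  private activeSince = 0;

  constructor(
    private readonly rotateAfterMs: number, // signing lifetime of a key
    private readonly graceMs: number,       // how long a retired key still verifies
    private readonly now: () => number = Date.now, // injectable clock for tests
  ) {
    this.rotate();
  }

  // Introduce a fresh 256-bit secret; the previous key is retired but kept for verification.
  rotate(): string {
    const t = this.now();
    if (this.keys[0]) this.keys[0].retiredAt = t;
    const kid = randomBytes(8).toString("hex");
    this.keys.unshift({ kid, secret: randomBytes(32) });
    this.activeSince = t;
    this.prune();
    return kid;
  }

  // Forget retired keys once their grace window has passed.
  private prune(): void {
    const t = this.now();
    this.keys = this.keys.filter(k => k.retiredAt === undefined || k.retiredAt + this.graceMs > t);
  }

  kids(): string[] {
    this.prune();
    return this.keys.map(k => k.kid);
  }

  sign(claims: Record<string, unknown>, ttlSec: number): string {
    if (this.now() - this.activeSince >= this.rotateAfterMs) this.rotate(); // lazy rotation
    const key = this.keys[0];
    const nowSec = Math.floor(this.now() / 1000);
    const header = b64(JSON.stringify({ alg: "HS256", typ: "JWT", kid: key.kid }));
    const payload = b64(JSON.stringify({ ...claims, iat: nowSec, exp: nowSec + ttlSec }));
    const mac = createHmac("sha256", key.secret).update(`${header}.${payload}`).digest("base64url");
    return `${header}.${payload}.${mac}`;
  }

  // Returns the claims on success, null on any failure (no distinguishing errors to callers).
  verify(token: string): Record<string, unknown> | null {
    const parts = token.split(".");
    if (parts.length !== 3) return null;
    const [h, p, s] = parts;
    const header = parseJson(h);
    // The algorithm is pinned server-side; the token never gets to choose it (no alg=none).
    if (!header || header.alg !== "HS256") return null;
    const kid = header.kid;
    if (typeof kid !== "string") return null;
    this.prune();
    const key = this.keys.find(k => k.kid === kid);
    if (!key) return null; // unknown kid, or retired beyond its grace window
    const expected = createHmac("sha256", key.secret).update(`${h}.${p}`).digest();
    const given = Buffer.from(s, "base64url");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
    const claims = parseJson(p);
    if (!claims) return null;
    const exp = claims.exp;
    if (typeof exp !== "number" || exp * 1000 <= this.now()) return null;
    return claims;
  }
}
```

The RS256 variant has the same shape with a public/private key pair per `kid` instead of a shared secret; what carries over is that the verifier fixes the algorithm itself, selects the key by `kid`, and treats an unknown or expired `kid` as a hard failure.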

Integrations

Social auth providers

Google

OAuth 2.0 integration with Google Sign-In. Supports ID token verification, profile data retrieval, and account linking.

Apple

Sign in with Apple support including email relay, name sharing preferences, and cross-platform compatibility.

Facebook

Facebook Login with configurable scopes, profile data mapping, and long-lived token exchange.
