Introduction

Welcome to AuthSec, a comprehensive multi-tenant authentication and authorization platform designed for modern applications.

What is AuthSec?

AuthSec provides enterprise-grade authentication, authorization, and user management capabilities through a suite of microservices. Whether you're building a SaaS application, mobile app, or enterprise system, AuthSec delivers the security infrastructure you need.

Core Capabilities

🔐 Authentication

  • Username/password authentication
  • Multi-factor authentication (WebAuthn, TOTP, SMS)
  • Social login and federated identity (OIDC, SAML)
  • Advanced flows (device authorization, CIBA, voice biometrics)

👥 User Management

  • Admin and end-user management
  • Multi-tenant isolation
  • User lifecycle operations (create, update, activate, deactivate)
  • Directory synchronization (Active Directory, Entra ID)

🔑 Authorization

  • Role-Based Access Control (RBAC)
  • Fine-grained permissions
  • Resource and scope-based authorization
  • Policy enforcement

🔌 Integration

  • RESTful APIs with OpenAPI/Swagger documentation
  • OAuth 2.0 and OpenID Connect support
  • WebAuthn/FIDO2 compliance
  • SDK support (Python, TypeScript)

Platform Architecture

graph TB
Client[Client Application] --> UF[User Flow API]
Client --> AM[Auth Manager]
Client --> WA[WebAuthn Service]
Client --> CM[Client Management]

UF --> TDB[(Tenant Databases)]
AM --> ADB[(Auth Database)]
WA --> MDB[(MFA Database)]
CM --> CDB[(Client Database)]

UF -.-> AM
WA -.-> AM

style UF fill:#4A90E2
style AM fill:#E24A4A
style WA fill:#4AE290
style CM fill:#E2D44A

Key Services

| Service | Purpose | Base Path |
|---|---|---|
| User Flow API | User management, authentication | /uflow |
| Auth Manager | Token generation, validation | /authmgr |
| WebAuthn Service | MFA operations | /webauthn |
| Client Management | OAuth client management | /clientms |

Multi-Tenant Architecture

AuthSec is built with multi-tenancy at its core:

  • Tenant Isolation: Each tenant has a separate database
  • Global Admin Users: Manage tenants and platform configuration
  • Tenant-Specific End Users: Isolated within their tenant
  • Cross-Tenant Security: Complete data segregation

Authentication Flows Overview

Basic Authentication Flow

sequenceDiagram
participant User
participant App
participant UserFlow
participant AuthManager

User->>App: Enter credentials
App->>UserFlow: POST /auth/login
UserFlow->>UserFlow: Validate credentials
UserFlow->>AuthManager: Request JWT token
AuthManager->>App: Return access token
App->>User: Authentication successful

MFA-Enhanced Flow

sequenceDiagram
participant User
participant App
participant UserFlow
participant WebAuthn
participant AuthManager

User->>App: Enter credentials
App->>UserFlow: POST /auth/login
UserFlow->>WebAuthn: Require MFA
WebAuthn->>App: MFA challenge
User->>App: Complete MFA
App->>WebAuthn: Verify MFA
WebAuthn->>AuthManager: Request token
AuthManager->>App: Return access token

Quick Decision Guide

Choose your starting point:

| I want to... | Start here |
|---|---|
| Implement basic login | Quickstart Guide |
| Add MFA to my app | Multi-Factor Authentication |
| Manage users | User Management |
| Set up roles & permissions | Authorization & Access Control |
| Integrate social login | Advanced Authentication |
| Understand API patterns | API Conventions |

Base URLs

Development

https://dev.api.authsec.dev

Production

https://api.authsec.dev

Authentication Format

All API endpoints require Bearer token authentication:

GET /uflow/admin/users HTTP/1.1
Host: dev.api.authsec.dev
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
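
The following is an added example, not AuthSec's own code or SDK: a client-side guard that attaches the bearer token only to the base URLs and service paths documented on this page, and refuses tokens that are not well-formed compact JWTs. The function names, the environment and service keys, and the sample token's payload and signature are assumptions made for illustration.

```python
import base64
import json
import re
from urllib.request import Request

# Copied from the page's "Base URLs" and "Key Services" sections.
BASE_URLS = {"development": "https://dev.api.authsec.dev",
             "production": "https://api.authsec.dev"}
SERVICE_PATHS = {"user_flow": "/uflow", "auth_manager": "/authmgr",
                 "webauthn": "/webauthn", "client_management": "/clientms"}
# JWT compact form: three non-empty base64url segments separated by dots.
_JWT_RE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
# Constructed sample: header segment from the page, made-up payload and signature.
SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIn0.c2ln"


def jwt_header(token: str) -> dict:
    """Decode (not verify) the JWT header; reject malformed or unsigned tokens."""
    if not _JWT_RE.fullmatch(token):
        raise ValueError("not a compact JWT (this also blocks CR/LF injection)")
    segment = token.split(".")[0]
    try:
        header = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError as exc:
        raise ValueError("JWT header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict) or str(header.get("alg", "none")).lower() == "none":
        raise ValueError("JWT header names no signing algorithm")
    return header


def build_request(env, service, path, token, method="GET") -> Request:
    """Attach the bearer token only to a documented AuthSec HTTPS origin."""
    jwt_header(token)  # raises ValueError on a malformed token
    if not path.startswith("/") or ".." in path.split("/") or re.search(r"[\s\\]", path):
        raise ValueError("path must be a plain absolute path inside the service")
    url = BASE_URLS[env] + SERVICE_PATHS[service] + path  # KeyError if not documented
    return Request(url, method=method, headers={"Authorization": f"Bearer {token}"})


if __name__ == "__main__":
    req = build_request("development", "user_flow", "/admin/users", SAMPLE_TOKEN)
    print(req.get_method(), req.full_url)
```

The header check here is a format sanity check only; signature validation stays with the service that issued the token.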

API Documentation Sources

Each API service provides interactive documentation:

Next Steps

  1. Quickstart Guide - Build your first authentication flow in 10 minutes
  2. Authentication Flows - Understand available authentication methods
  3. API Conventions - Learn common patterns and best practices

Support & Resources


Ready to get started? Continue to the Quickstart Guide