Open Source

The Auth Platform Native to Go. Built for Any Stack.

An open-source authentication solution that scales with you. Embed it as a library in your Go app, or run it as a standalone auth server with any tech stack.

Get StartedGitHubView on GitHub

Two Ways to Build

Authula is designed to grow with your needs. Embed it as a library giving you full control via code, or deploy it via Docker as a centralised auth service for your entire backend.

Library Mode
Import directly into your Go application giving you full control via code.
  • Built-in Chi router for flexible request handling
  • Complete programmatic access to APIs, plugins, and service registry
  • Seamless integration with existing Go codebases
  • Customise compilation and build process
  • Unlock advanced capabilities unavailable in standalone mode
Standalone Mode
Run as a standalone service. Ideal for microservices and multi-language tech stacks.
  • Centralised auth service
  • Works with any tech stack
  • TOML-based configuration
  • Scales independently
  • Docker & K8s ready

Flexible Configuration

Whether you're embedding as a library or running as a server, Authula gives you full control over your authentication logic.

Library Configuration

Configure directly in Go. Compile-time checks ensures your config is always valid and consistent.

Standalone Configuration

Configure your server with a simple TOML file and change settings on the fly without recompiling. Perfect for dynamic environments.

Everything you need for Auth

Production-ready features that would take months to build yourself.

Email & PasswordPlugin

Secure authentication with Argon2 hashing, email verification, password reset, and change email flows.

Social OAuthPlugin

Connect with Discord, GitHub, Google, and more. Extensible provider system.

Multiple Databases

First-class support for SQLite, PostgreSQL and MySQL.

Secondary StoragePlugin

Redis/Key-Value support for high-performance sessions and rate limiting.

Enhanced SecurityPlugin

Built-in CSRF protection, secure session management, and configurable rate limiting.

Minimal Dependencies

Standard library first design, powered by Chi for routing. Production-ready and framework-agnostic.

Webhooks

Easily create custom plugins and connect their API endpoints as webhooks. Flexible integration for any workflow or event.

Engineered for Performance

Authula brings the power of Go to authentication. Experience unmatched speed, efficiency, and flexibility compared to other solutions.

Feature
Authula
Others
Runtime Performance
Blazing fast (Compiled Go)
Runtime overhead (Node.js/TS)
Memory Footprint
Minimal (Native binaries)
Heavy (Node.js runtime)
Deployment
Single static binary
Complex node_modules & runtime
Architecture
Library + Standalone Server
Mostly framework-bound
Type Safety
Native Go Type Safety
Transpiled TypeScript
Concurrency
Power of Goroutines
Single-threaded Event Loop

Blazing Fast

Go's compiled nature means sub-millisecond response times for authentication flows, even under heavy load.

Memory Efficient

Run your entire auth service with just a few megabytes of RAM. Perfect for edge deployments and cost-saving.

Truly Flexible

Not just for Go apps. Use it standalone and connect it with any web frontend such as React, Vue, and more.

Extensible Plugin System

Easily extend authentication flows with our plugin system—add custom logic, integrations, or providers with minimal effort.

Microservices Ready

Built for distributed systems—deploy as a lightweight service in your microservices architecture. Easily configure separate instances with different auth flows or plugins.

Security First

Built with Go's strong type safety and robust security features to keep your users and data protected.

Advanced Customisation

Sophisticated Hooks System

Inject custom logic at any stage of the request lifecycle. Hooks execute in deterministic order with powerful error handling and flow control.

Hook Execution Stages

OnRequest

First hook for every request

Before

Before route matching & handling

After

After handling, before response

OnResponse

Final stage after response

Deterministic Ordering

Hooks execute in guaranteed order: by stage, then order.

Error Handling

Hook errors are logged without stopping other hooks. Full control.

Flow Control

Set handled flag to skip remaining hooks at the same stage.

Plugin Filtering

Hooks execute selectively based on route metadata configuration.

Precise Control Over Request Flow

1

Plugin-Local Ordering

Order values are local to each plugin. No global conflicts.

2

Consistent Execution

Same hook order for every request. Predictable behavior.

3

Resilient Design

Errors logged, not thrown. Hooks never crash your app.

Example Hook Flow

OnRequest stage executes
Before hooks execute
Route handler processes request
After hooks execute
OnResponse stage finalises
Extensible Architecture

Powerful Plugin System

Compose authentication flows, extend functionality, and integrate business logic without forking the core. Build exactly what you need.

Built-in Plugins

Email/Password

OAuth2

CSRF

JWT

Bearer

Rate Limit

Modular Composition

Mix and match plugins to build exactly the auth system you need.

Hook System

Inject custom logic at request, before/after, and response stages.

Service Registry

Discover and use services from other plugins without tight coupling.

Custom Routes

Add new endpoints directly from your plugins.

Build Custom Plugins in Minutes

Simple Interface

Implement metadata, config, init/close, routes, hooks, and migrations.

Request Hooks

OnRequest, Before, After, OnResponse stages for precise control.

Access APIs

Use the Service Registry to obtain services from other plugins safely. No coupling, pure interfaces.

Learn Plugin Development

How Plugins Work

Plugins are isolated modules that register themselves with the core system. Each plugin can expose routes, hooks, and services, and can depend on or interact with other plugins through a safe registry.

Lifecycle & Extensibility

Plugins implement flexible interfaces each with their own capabilities and can register hooks for request/response stages. This allows you to extend or override authentication logic at any point.

Safe Service Registry

Plugins can publish and consume services via a registry, enabling powerful integrations without tight coupling. This keeps your codebase modular and maintainable.

Custom Endpoints & Logic

Easily add new API endpoints, business logic, or integrations by creating your own plugin. No need to fork or modify the core—just compose what you need.

Built Natively in Go

No complex frameworks or adapters needed. Authula works with the standard library and integrates seamlessly into your existing Go stack.

Standard Library Compatible

Works directly with net/http and http.ServeMux.

Type-Safe Context

Retrieve user data and claims with full type safety.

Zero Dependencies

Minimal external dependencies to keep your binary small.

Extensible Hooks

Hook into any stage of the auth pipeline with Go functions.

Open Source & Community Driven

Authula is seeking community collaboration and open-source contributions. Your involvement—sharing code, offering feedback, and support will help shape the future of authentication. Join us on this journey to build the most flexible, configurable, and more secure authentication solution for everyone.

100%Open Source
DiscordCommunity Support
GitHubGitHubPull Requests Welcome
GitHubStar on GitHubJoin Discord

Released under the Apache 2.0 License