Drop-in Authentication
Add signup, login, password reset, email verification, and session management to any Go app with a few lines of code. GoAuth is a library you import — not a separate service to deploy.
Plug In Your Own Infrastructure
GoAuth uses interfaces for everything: storage, event backends, email/SMS delivery, and logging. Use the built-in GORM storage and worker pool, or implement the interface to bring Kafka, NATS, Redis, MongoDB, SendGrid, Twilio, or any custom provider.
Session or Stateless — Your Choice
Choose server-side sessions with optional cookie-cache for fast validation, or stateless JWT with nonce-based refresh token rotation. Both support 2FA challenges, org-scoped claims, and account lockout.
OAuth with PKCE
Built-in Google, GitHub, Microsoft, and Discord providers with automatic PKCE. Users sign in via OAuth and GoAuth handles account creation, linking, and token issuance.
Multi-Organization Support
Built-in organization module with roles (owner, admin, member), invitations with expiry, org-scoped JWT claims, and org switching. Build SaaS products without writing org management from scratch.
Event-Driven Hooks
Subscribe to before/after events on any operation. Multiple handlers per event with priority ordering, async processing via worker pool, retry policies, and dead letter queue. Intercept signups, enrich JWT claims, send notifications — all through events.
Add Auth to Your Go App Today
Three lines to initialize. Twelve modules to choose from. Every integration point is an interface you can swap.