Authentication Service v1
Standalone
Auth System
Secure email/password authentication with JWT access tokens, refresh-session rotation, and JWKS publishing. Plug into any frontend or backend.

Hashing: Argon2id
Signing: RS256
Access TTL: 15 min
Refresh TTL: 30 days
Key Format: JWKS
Cookie: HttpOnly
API Surface
7 endpoints
POST /api/v1/signup - Create account
POST /api/v1/login - Authenticate
POST /api/v1/refresh - Rotate session
POST /api/v1/logout - Revoke session
GET /api/v1/me - Current user
GET /api/v1/jwks - Public keys
GET /.well-known/way-auth-configuration - Discovery config
Security
Argon2id password hashing
RS256 JWT signing with key rotation
Hashed refresh tokens stored server-side
Session rotation on every refresh
Per-IP sliding window rate limits
Secure, HttpOnly cookie defaults
Integration
Works with Next.js, React, Convex
JWKS endpoint for any backend verifier
Access tokens kept in memory only
HttpOnly cookie for refresh persistence
Centralized auth logic, no vendor lock-in
Next.js, React, Convex, Any JWKS consumer
