Authentication should be open.

Authentication is the most sensitive code in a B2B product, and almost none of it is open. The dominant managed services are proprietary black boxes; the open-source alternatives are heavy, opinionated, or built for a different decade.

What we believe

• Read the source. If you're going to hand a vendor your users' credentials, you should be able to audit every line that touches them.
• Self-host without ceremony. One docker compose file. No SaaS lock-in disguised as "open core".
• B2B from day one. Orgs, memberships, invitations, JWT templates, webhooks — without bolting them on later.
• A drop-in component, not a tutorial. Five minutes to a sign-in page on every framework we support.

What this is not

We're not chasing identity-platform breadth. authn.sh is opinionated about what it covers: human user authentication for B2B SaaS. SCIM, IGA, machine identity, and consumer social-everything are out of scope on purpose.

The long version of this page is in flight. v0.1 is the placeholder.