Passwordless authentication.

Secure by design, built for developers. Integrate passkeys, magic links, and social login in minutes.

Get started
authorize.js
import * as client from 'openid-client'


const config = await client.discovery(
  new URL('https://{tenant-id}.authalla.com'),
  'client_123',
)
const codeVerifier = client.randomPKCECodeVerifier()
const codeChallenge = await client.calculatePKCECodeChallenge(codeVerifier)
const state = client.randomState()


const authorizationUrl = client.buildAuthorizationUrl(config, {
  response_type: 'code',
  client_id: 'client_123',
  redirect_uri: 'https://app.example.com/oauth/callback',
  scope: 'openid profile email',
  state,
  code_challenge: codeChallenge,
  code_challenge_method: 'S256',
})


console.log(authorizationUrl.href)

Introduction

Getting started

Authalla is a multi-tenant authentication platform that provides passwordless sign-in with passkeys and magic links, enterprise SSO, social login, and full OAuth2/OIDC compliance — so you can ship secure authentication without building it yourself.

Installation

Create an OAuth2 client, configure redirect URIs, and start OAuth2 flows.

Authentication overview

Understand Authalla authentication flows, tokens, and session lifecycle.

Branding & theming

Match the login experience to your product.

What is Authalla?

Authalla is an OAuth2 and OpenID Connect authentication provider designed for modern applications. It handles user authentication, session management, and identity federation so your team can focus on building your product.

Key capabilities include:

  • Passwordless authentication — passkeys (WebAuthn/FIDO2), magic links, and PIN codes. No passwords to store, steal, or reset.
  • Enterprise SSO — OIDC-based Single Sign-On with Microsoft Entra ID, Okta, Google Workspace, and other identity providers. Unlimited connections at flat monthly pricing.
  • Social login — Google, GitHub, Apple, and Microsoft sign-in with one-click setup.
  • Multi-tenancy — one account can manage multiple tenants, each with isolated user pools, branding, and custom domains.
  • OAuth 2.1 compliant — authorization code flow with PKCE, refresh tokens, and standard scopes.
  • SCIM provisioning — automated user lifecycle management for enterprise customers.
  • Developer tools — CLI, MCP server for AI assistants, and admin dashboard for managing everything.

Every feature is included in every plan with no per-connection fees for SSO or SCIM.

Quick start

Register an account at authalla.com, then pick the path that suits you best.

Connect Authalla's MCP server to your AI assistant and let it handle the setup for you — creating OAuth2 clients, configuring redirect URIs, branding, custom domains, and more.

Claude Code:

claude mcp add authalla https://login.authalla.com/mcp

Claude Desktop, VS Code, Cursor — add the MCP server URL in settings:

https://login.authalla.com/mcp

Once connected, just tell your assistant what you need:

> Create an OAuth2 client for my Next.js app on localhost:3000
> Set up a custom domain auth.example.com
> Configure Google social login

See MCP server for full setup instructions.

Set up manually

  1. Create an OAuth2 client in the Admin Dashboard — a default tenant is already set up for new accounts.
  2. Add redirect URIs on the client and configure allowed origins in Tenants → (select tenant) → API.
  3. Integrate with your app — redirect users to the Authalla authorization endpoint with PKCE:
https://{tenant-id}.authalla.com/oauth2/authorize
  ?response_type=code
  &client_id=your_client_id
  &redirect_uri=https://app.example.com/oauth/callback
  &scope=openid profile email
  &code_challenge=...
  &code_challenge_method=S256
  1. Exchange the authorization code for tokens at /oauth2/token.

For a detailed walkthrough, see Installation.

Common tasks

Getting help

Need help? Email is the best way to reach us: [email protected].

Next
Installation