AuthVital Documentation
AuthVital is a B2B Identity Provider platform with OAuth 2.0/OIDC compliance, multi-tenancy, role-based access control, licensing, SSO, and MFA.
📚 Documentation Index
Getting Started
- Installation & Deployment - Set up AuthVital
- Quick Start Guide - Integrate in 5 minutes
- Configuration Reference - Environment variables
Core Concepts
- Architecture Overview - System design & components
- Multi-Tenancy - Tenant isolation & membership
- OAuth 2.0 / OIDC Flows - Authorization & authentication
- Licensing System - Per-seat, tenant-wide, free modes
- Access Control (RBAC) - Roles & permissions
SDK Integration
- Setup Guide - Full integration walkthrough
- Server SDK - Node.js/Backend integration
- Client SDK (React) - React hooks & components
- Identity Sync - Mirror identities to your database
- Webhooks Documentation:
  - Webhooks Overview - Getting started with webhooks
  - Event Types & Payloads - All events with TypeScript types
  - Event Handler Reference - AuthVitalEventHandler class
  - Framework Examples - Express, Next.js, NestJS
  - Manual Verification - Low-level RSA verification
  - Best Practices - Error handling, idempotency, testing
API Reference
- Authentication API - Login, register, MFA
- OAuth Endpoints - /authorize, /token, /userinfo
- Tenant API - Tenant & member management
- User API - User management
- Licensing API - Subscriptions & assignments
Administration
- Super Admin Guide - Instance administration
- Application Setup - OAuth app configuration
- Tenant Administration - Managing tenants
Security
- Multi-Factor Authentication - TOTP setup & policies
- Single Sign-On (SSO) - Google & Microsoft configuration
- Security Best Practices - Recommendations
Reference
- Data Models - Entity relationships
- JWT Claims - Token structure & scopes
- Error Codes - Error handling reference
Quick Links
| I want to... | Go to... |
|---|---|
| Get a complete integration guide | Setup Guide |
| Integrate AuthVital into my app | Quick Start Guide |
| Understand the OAuth flow | OAuth 2.0 / OIDC Flows |
| Understand webhook events | Event Types & Payloads |
| Sync users to my database | Identity Sync Guide |
| Handle webhooks | Webhooks Guide |
| Configure SSO | SSO Configuration |
| Deploy to production | Installation & Deployment |
Architecture at a Glance
┌─────────────────────────────────────────────────────────────────────────────┐
│                              Your Application                               │
├─────────────────────────────────────────────────────────────────────────────┤
│  ┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐          │
│  │  React Client   │    │   Node.js API   │    │  Your Database  │          │
│  │  (@authvital/   │    │  (@authvital/   │    │   (User Sync)   │          │
│  │   sdk/client)   │    │   sdk/server)   │    │                 │          │
│  └────────┬────────┘    └────────┬────────┘    └────────▲────────┘          │
│           │                      │                      │                   │
│           │ OAuth Flow           │ JWT Validation       │ Webhooks          │
│           │                      │                      │                   │
└───────────┼──────────────────────┼──────────────────────┼───────────────────┘
            │                      │                      │
            ▼                      ▼                      │
┌─────────────────────────────────────────────────────────┴───────────────────┐
│                             AuthVital Platform                              │
├─────────────────────────────────────────────────────────────────────────────┤
│  ┌──────────────┐   ┌──────────────┐   ┌──────────────┐   ┌──────────────┐  │
│  │    OAuth     │   │   Tenants    │   │  Licensing   │   │   Webhooks   │  │
│  │    Server    │   │   & Users    │   │    Engine    │   │    System    │  │
│  └──────────────┘   └──────────────┘   └──────────────┘   └──────────────┘  │
│  ┌──────────────┐   ┌──────────────┐   ┌──────────────┐   ┌──────────────┐  │
│  │     SSO      │   │     MFA      │   │     RBAC     │   │    Admin     │  │
│  │  Providers   │   │    (TOTP)    │   │    Engine    │   │    Panel     │  │
│  └──────────────┘   └──────────────┘   └──────────────┘   └──────────────┘  │
└─────────────────────────────────────────────────────────────────────────────┘
Tech Stack
| Component | Technology |
|---|---|
| Backend | NestJS, Prisma, PostgreSQL |
| Frontend | React, Vite, Tailwind CSS |
| SDK | TypeScript (ESM + CJS) |
| Auth | OAuth 2.0, OIDC, PKCE, JWT |
| Security | bcrypt, TOTP (otplib), JOSE |
Support
- GitHub Issues: Report bugs and request features
- SDK Package: npm install @authvital/sdk