VoidAuth is an open-source Single Sign-On (SSO) provider designed for self-hosted environments, enabling secure authentication across multiple internal applications through OpenID Connect (OIDC) and reverse proxy ForwardAuth. It eliminates the need to manage separate logins for each service by acting as a centralized authentication gateway, ideal for developers and DevOps teams running personal or small-team infrastructure. Built with TypeScript and containerized via Docker, it supports modern authentication methods like passkeys and email-based user management while offering a clean admin interface for user and group control.
The tool is purpose-built for users who want full ownership of their authentication stack without relying on third-party SaaS solutions. It integrates with common reverse proxies like Caddy, Traefik, or Nginx and uses PostgreSQL or SQLite for secure, encrypted-at-rest storage. While not audited and relying on third-party libraries like node-oidc-provider and SimpleWebAuthn, it provides a practical, low-friction entry point for self-hosted SSO with minimal setup overhead.
What You Get
- OpenID Connect (OIDC) Provider - Implements the full OIDC 1.0 standard to act as an identity provider for any application supporting OAuth2/OIDC, allowing seamless login integration with services like Nextcloud, Portainer, or custom web apps.
- Proxy ForwardAuth - Supports reverse proxy authentication via HTTP headers (e.g., for Caddy, Nginx) to protect non-OIDC-aware applications by forwarding authentication state without requiring app modifications.
- User and Groups Management - Administrators can create, disable, and assign users to groups via the web-based admin panel for fine-grained access control across services.
- User Self-Registration and Invitations - Users can sign up themselves or be invited via email by admins, with invitation links expiring after use to maintain security.
- Passkeys and Passkey-Only Accounts - Enables passwordless login using WebAuthn (passkeys) and allows administrators to enforce passkey-only authentication for enhanced security.
- Customizable Branding - Admins can upload custom logos, change title text, and modify theme colors to match their organization’s branding or personal preferences.
- Secure Email-Based Password Reset - Users can reset passwords via encrypted email links with verification, reducing reliance on insecure password recovery methods.
- Encryption-At-Rest with Postgres or SQLite - Sensitive data like credentials and tokens are encrypted in the database using configurable storage backends, with PostgreSQL recommended for production.
Common Use Cases
- Building a self-hosted productivity suite - A developer running Nextcloud, Grafana, Portainer, and Radarr on a home server uses VoidAuth to provide unified SSO access so users log in once and gain access to all services without separate credentials.
- Securing internal tools with passkeys - A small DevOps team replaces password-based logins to their internal dashboards with passkeys on company-issued devices, reducing phishing risk and eliminating password management overhead.
- Replacing scattered logins across 10+ apps with centralized SSO - Before VoidAuth, team members had to remember 10 different passwords for internal tools. After deployment, they authenticate once via VoidAuth’s login portal and are automatically authorized across all OIDC-enabled apps.
- DevOps teams managing microservices across multiple cloud providers - Teams deploying apps to AWS, DigitalOcean, and local VMs use VoidAuth as a consistent authentication layer across environments, reducing configuration drift and simplifying audit trails via centralized user logs.
Under The Hood
VoidAuth is a unified authentication platform designed to streamline user management, SSO integration, and secure login flows through modular architecture and extensible components. It supports OpenID Connect, passkey authentication, and customizable email workflows, making it a versatile solution for modern web applications.
Architecture
The system adopts a monolithic structure with clear separation between backend and frontend layers, enabling organized handling of API requests, business logic, and UI rendering.
- The architecture emphasizes modular component design and dependency injection for enhanced maintainability
- Business logic is decoupled from presentation layers, promoting reusability and scalability
- Well-defined API endpoints support extensible authentication flows and user management capabilities
Tech Stack
The project leverages a modern TypeScript ecosystem with Express and Angular for full-stack development, prioritizing type safety and structured code organization.
- Built with TypeScript, Express.js, and Angular to provide a robust and scalable foundation
- Key libraries include Zod for schema validation, node-oidc-provider for secure authentication, and Knex.js for database operations
- Development tools such as esbuild, Husky, and lint-staged ensure fast builds and consistent code quality
- ESLint and Prettier are integrated to enforce coding standards and maintain clean, readable code
Code Quality
The codebase reflects a mixed state of quality with some structured practices but notable gaps in testing and consistency.
- Code linting and formatting tools are in place, contributing to a more maintainable codebase
- Error handling is implemented in key areas, though comprehensive test coverage remains limited
- Code style varies across modules, pointing to potential technical debt and inconsistency issues
- CI/CD pipelines are configured to support automated checks and deployment workflows
What Makes It Unique
VoidAuth distinguishes itself through its modular and extensible approach to authentication, combining OIDC support with passkey integration and customizable email templates.
- The platform enables flexible SSO configurations and seamless user management through a unified interface
- Passkey support adds modern, secure authentication options without sacrificing usability
- Extensible architecture allows developers to customize workflows and integrate with existing systems