Seamless Auth – open-source passwordless authentication

I hope this finds you with your minds open!

I’ve been building an open source authentication system called Seamless Auth.

It is designed the idea:

Authentication should behave like infrastructure, and help promote security, and be easy to reason about.

Seamless Auth is:

Fully open source

Passwordless only (WebAuthn, passkeys, OTP)

Cookie-based session validation

No redirect-based login flows

Designed to run inside your own infrastructure

The core is framework-agnostic, with adapters for Express today. There is also a React SDK that exposes authenticated session state without client-side token management.

It supports:

Server-side session validation

Explicit CORS and origin configuration

Isolated infrastructure model for you to self-host

A production-shaped local development flow with Docker

You can run it locally with 3 commands thanks to the open source CLI tool:

npx create-seamless my-app cd my-app docker compose up

This spins up a template UI (react), a template API (express), the auth server, and a database (postgres) complete with migrations.

The project grew out of frustration with:

Redirect-heavy OAuth flows

Shared multi-tenant auth servers

Magic SDKs that hide too much

Development environments that do not resemble production

and worst of all... forgetting my damn password!

The goal is not to replace everything. It is to offer a transparent, inspectable, infrastructure first alternative for teams that care about understanding their authentication layer.

I would appreciate feedback on:

Architecture decisions

Security assumptions

Developer experience

Tradeoffs I may be missing

Repository: Auth Server: https://github.com/fells-code/seamless-auth-api CLI: https://github.com/fells-code/create-seamless React SDK: https://github.com/fells-code/seamless-auth-react/tree/main Server SDKs: https://github.com/fells-code/seamless-auth-server

Documentation: https://docs.seamlessauth.com

Happy to answer questions.