BhariyaAuth is a modern, self-hostable Identity Provider (IdP) built to simplify authentication across all your platforms — websites, apps, APIs — under a single, seamless system.
It is designed with a clear goal:
Make authentication fast, secure, user-friendly, and inexpensive to run.
Most authentication systems today create friction:
- You log in once… and still need to log in again elsewhere
- Emails are confusing or unreliable
- Infrastructure is expensive and complex
- Each app needs its own auth system
- ✔ One login → all services
- ✔ Reliable email + retry systems
- ✔ Lightweight → low hosting cost
- ✔ One auth server → everything
- One account across all your services
- Works across websites, apps, and APIs
- No repeated logins
- Built in Go using Fiber
- Minimal overhead
- Designed for low latency + high throughput
- Automatic retries for:
  - OTP delivery
  - email sending
  - temporary failures
- Users don't get stuck due to transient issues
- Clear, human-readable emails
- Login alerts, OTPs, resets
- Context-aware messaging (device, IP, etc.)
- Rate limiting is weight-based, not purely request-count-based
- Prevents abuse without hurting real users
- Device-based session tracking
- Revoke specific sessions
- Revoke all sessions instantly
- AES-GCM encrypted tokens (not JWT)
- CSRF protection
- OTP verification
- Token isolation by purpose
```text
Client (Web/App)
        ↓
BhariyaAuth API
        ↓
  ├── PostgreSQL (users, devices)
  ├── Redis (optional support)
  └── In-memory systems:
        - OTP store
        - Rate limiter
```
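The weight-based rate limiting listed above, as an added example (this is illustrative code, not BhariyaAuth's own limiter). It keeps one token bucket per client key and charges each request its weight instead of counting it as one hit, so a client hammering the expensive OTP-send path is cut off long before a user polling cheap endpoints is. The cost constants, capacity and refill rate are assumptions chosen for the illustration.

```go
package main

import (
	"fmt"
	"math"
	"sync"
	"time"
)

// Request weights, assumed for this example: the cost tracks what a request
// makes the server (and the mail provider) do, not merely that it happened.
const (
	CostSessionCheck  = 1.0
	CostPasswordLogin = 5.0
	CostSendOTP       = 20.0 // triggers an email; the most abusable action
)

type bucket struct {
	tokens float64
	last   time.Time
}

// WeightedLimiter holds a token bucket per key (an IP, or a device id once
// per-device limiting lands). Each allowed request spends its weight and the
// bucket refills continuously, so a burst of cheap calls and a burst of
// expensive ones are judged by the work they cause, not the request count.
type WeightedLimiter struct {
	mu       sync.Mutex
	capacity float64 // burst budget per key
	refill   float64 // tokens restored per second
	buckets  map[string]*bucket
	now      func() time.Time // injectable clock so tests are deterministic
}

func NewWeightedLimiter(capacity, refillPerSec float64) *WeightedLimiter {
	return &WeightedLimiter{capacity: capacity, refill: refillPerSec, buckets: map[string]*bucket{}, now: time.Now}
}

// WithClock replaces the time source (used by tests).
func (l *WeightedLimiter) WithClock(now func() time.Time) *WeightedLimiter { l.now = now; return l }

// Allow charges cost to key's bucket. If the budget is short, nothing is
// charged and false is returned, so a denied request cannot push the client
// further into debt and lock out a legitimate user for longer.
func (l *WeightedLimiter) Allow(key string, cost float64) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b, ok := l.buckets[key]
	if !ok {
		b = &bucket{tokens: l.capacity, last: now} // new clients start with a full budget
		l.buckets[key] = b
	}
	b.tokens = math.Min(l.capacity, b.tokens+now.Sub(b.last).Seconds()*l.refill)
	b.last = now
	if b.tokens < cost {
		return false
	}
	b.tokens -= cost
	return true
}

func main() {
	lim := NewWeightedLimiter(60, 1) // 60 units of burst, 1 unit/s refill
	for i := 1; i <= 4; i++ {
		fmt.Printf("OTP send #%d allowed: %v\n", i, lim.Allow("203.0.113.7", CostSendOTP))
	}
	fmt.Println("session check after OTP burst:", lim.Allow("203.0.113.7", CostSessionCheck))
	fmt.Println("other client unaffected:", lim.Allow("198.51.100.9", CostSessionCheck))
}
```

Two things a production version needs beyond this sketch: idle buckets must be evicted (the map grows with every distinct key, which is itself an abuse vector), and when the limiter is keyed by IP, clients behind a shared NAT or proxy share one budget, which is the motivation for the per-device limiting on the roadmap.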
Sign up:
Step 1 → Enter name, email, password
Step 2 → Verify OTP
→ Account created

Sign in:
Step 1 → Choose login method:
  • OTP
  • Password
Step 2 → Verify
→ Logged in

Password reset:
Step 1 → Request reset
Step 2 → OTP + new password
→ Password updated

OTP challenge:
Step 1 → Request OTP
Step 2 → Verify
→ Access granted
- View all devices
- Revoke specific session
- Revoke all sessions
BhariyaAuth uses encrypted structured tokens instead of JWT.
- 🔒 Fully encrypted (not just signed)
- 🧩 Typed tokens (no misuse)
- ⚡ Stateless and fast
- Access Token (short-lived)
- Refresh Token (rotating)
- MFA Token
- SSO Token
- Sign-in / Sign-up Tokens
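The purpose-typed encrypted token described above, as an added example (illustrative code, not BhariyaAuth's implementation). It seals JSON claims with AES-256-GCM and passes the token kind as additional authenticated data, so an access token handed to the refresh or MFA endpoint fails the GCM tag check before a single claim is parsed; expiry is checked from the decrypted payload. The Claims fields, kind names, error values and output encoding are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// TokenKind is the purpose a token is minted for. It is passed to AES-GCM as
// additional authenticated data (AAD), so a token sealed as "access" fails the
// tag check when presented as "refresh": the kind is enforced before parsing.
type TokenKind string

const (
	KindAccess  TokenKind = "access"
	KindRefresh TokenKind = "refresh"
	KindMFA     TokenKind = "mfa"
)

// Claims is the structured payload inside the token (field names assumed here).
type Claims struct {
	UserID    string `json:"uid"`
	SessionID string `json:"sid"`
	ExpiresAt int64  `json:"exp"` // unix seconds
}

var (
	// ErrInvalid covers wrong key, tampering and wrong kind alike: GCM cannot
	// tell them apart, and one opaque error leaks nothing to a caller.
	ErrInvalid = errors.New("token invalid")
	ErrExpired = errors.New("token expired")
)

// Sealer holds one AES-256-GCM key. Nonces are random 96-bit values, so the
// key must be rotated long before 2^32 tokens have been sealed under it.
type Sealer struct{ aead cipher.AEAD }

func NewSealer(key []byte) (*Sealer, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Sealer{aead: aead}, nil
}

// Seal encrypts c for kind. Output: base64url(nonce || ciphertext || tag).
func (s *Sealer) Seal(kind TokenKind, c Claims) (string, error) {
	plain, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	out := s.aead.Seal(nonce, nonce, plain, []byte(kind)) // nonce prefix, then ct+tag
	return base64.RawURLEncoding.EncodeToString(out), nil
}

// Open decrypts tok, requiring it to be sealed as expect and unexpired at now.
func (s *Sealer) Open(expect TokenKind, tok string, now time.Time) (Claims, error) {
	raw, err := base64.RawURLEncoding.DecodeString(tok)
	ns := s.aead.NonceSize()
	if err != nil || len(raw) < ns+s.aead.Overhead() {
		return Claims{}, ErrInvalid
	}
	plain, err := s.aead.Open(nil, raw[:ns], raw[ns:], []byte(expect))
	if err != nil {
		return Claims{}, ErrInvalid
	}
	var c Claims
	if err := json.Unmarshal(plain, &c); err != nil {
		return Claims{}, ErrInvalid
	}
	if !now.Before(time.Unix(c.ExpiresAt, 0)) {
		return Claims{}, ErrExpired
	}
	return c, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // demo key only; load AESGCMKey from config
	s, _ := NewSealer(key)
	now := time.Now()
	tok, _ := s.Seal(KindAccess, Claims{UserID: "u1", SessionID: "s1", ExpiresAt: now.Add(15 * time.Minute).Unix()})
	_, err := s.Open(KindRefresh, tok, now) // same bytes, wrong purpose
	fmt.Println("access token presented as refresh:", err)
	c, err := s.Open(KindAccess, tok, now)
	fmt.Println("access token presented as access:", c, err)
}
```

A token like this validates with no database round trip, which is what "stateless" buys. It does not make the token revocable: "revoke all sessions instantly" still needs the SessionID checked against the session store on each request, or a short access-token lifetime with revocation applied at refresh, because encryption alone cannot invalidate bytes already issued.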
When a service uses BhariyaAuth, users:
- log in once → access everything
- choose OTP or password
- get notified on new logins
- manage sessions easily

and no longer face:
- repeated logins
- confusing emails
- legitimate actions blocked by rate limits

No need to duplicate auth logic across apps.
- Minimal dependencies
- Efficient memory usage
- No forced horizontal scaling
- Built-in:
  - rate limiter
  - OTP system
  - retry logic
- Modular structure
- Easy to maintain
- Designed for extensibility
- Go (latest)
- PostgreSQL
- Redis (optional)
- Linux (recommended for UNIX sockets)
```bash
git clone https://github.com/BhaskarPanja93/BhariyaAuth.git
cd BhariyaAuth
```

Create your secrets:

```env
SQLUser=...
SQLPassword=...
SQLDBName=...
SQLHost=...
SQLPort=...
RedisHost=...
RedisPort=...
AESGCMKey=your_32_byte_secret_key
```

Generate AESGCMKey from a CSPRNG (for example `openssl rand -hex 32` yields 32 random bytes), never from a passphrase, and check how the server decodes the value (raw bytes, hex or base64) before choosing an encoding: AES-256-GCM needs exactly 32 key bytes. Keep the secrets file out of version control.

Run it:

```bash
go run main.go
```

or pass `-bind` to listen on a UNIX socket path instead of a TCP port:

```bash
go run main.go -bind /tmp/bhariya.sock/auth/api/
```
| Module | Purpose |
|---|---|
| /signup | Register users |
| /signin | Login |
| /password-reset | Reset password |
| /session | Manage sessions |
| /mfa | Multi-factor auth |
| /sso | SSO authentication |
- AES-GCM encryption (confidential + integrity)
- CSRF protection (double-submit)
- Token-type enforcement
- Device-based sessions
- OTP expiration + retry limits
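The OTP expiration and retry limits listed above, together with the in-memory OTP store from the architecture section, as an added example (illustrative code, not BhariyaAuth's own store). Codes are keyed by purpose and subject so a reset code is never accepted at sign-in, compared in constant time, consumed on first success, dropped when they expire, and discarded after a fixed number of wrong guesses so an attacker has to trigger a fresh issue, which is where rate limiting applies. The 6-digit format, TTL and attempt cap are assumptions for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

var (
	ErrNoOTP       = errors.New("no pending OTP for this purpose and subject")
	ErrOTPExpired  = errors.New("OTP expired")
	ErrOTPMismatch = errors.New("OTP incorrect")
	ErrOTPLocked   = errors.New("too many wrong attempts; request a new OTP")
)

type otpEntry struct {
	code      string
	expiresAt time.Time
	failures  int
}

// OTPStore keeps pending codes in memory, keyed by purpose and subject, so a
// code issued for "reset" is never accepted for "signin". A code is single-use,
// expires after ttl, and is discarded after maxTries wrong guesses.
type OTPStore struct {
	mu       sync.Mutex
	ttl      time.Duration
	maxTries int
	entries  map[string]*otpEntry
	now      func() time.Time // injectable clock (tests); time.Now by default
}

func NewOTPStore(ttl time.Duration, maxTries int) *OTPStore {
	return &OTPStore{ttl: ttl, maxTries: maxTries, entries: map[string]*otpEntry{}, now: time.Now}
}

// WithClock replaces the time source so expiry can be tested deterministically.
func (s *OTPStore) WithClock(now func() time.Time) *OTPStore { s.now = now; return s }

func otpKey(purpose, subject string) string { return purpose + ":" + subject }

// Issue creates a fresh 6-digit code from crypto/rand, replacing any pending
// one for the same purpose and subject (which also resets its failure count).
func (s *OTPStore) Issue(purpose, subject string) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1_000_000))
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%06d", n.Int64())
	s.mu.Lock()
	defer s.mu.Unlock()
	s.entries[otpKey(purpose, subject)] = &otpEntry{code: code, expiresAt: s.now().Add(s.ttl)}
	return code, nil
}

// Verify checks code and consumes it on success. Every wrong guess counts; at
// maxTries the entry is dropped, so the only way forward is a re-issue, which
// the rate limiter throttles and the login-alert email makes visible.
func (s *OTPStore) Verify(purpose, subject, code string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	k := otpKey(purpose, subject)
	e, ok := s.entries[k]
	if !ok {
		return ErrNoOTP
	}
	if !s.now().Before(e.expiresAt) {
		delete(s.entries, k)
		return ErrOTPExpired
	}
	// Constant-time compare: the code is short, but don't leak matching prefixes anyway.
	if subtle.ConstantTimeCompare([]byte(e.code), []byte(code)) == 1 {
		delete(s.entries, k) // single use
		return nil
	}
	e.failures++
	if e.failures >= s.maxTries {
		delete(s.entries, k)
		return ErrOTPLocked
	}
	return ErrOTPMismatch
}

func main() {
	store := NewOTPStore(5*time.Minute, 5)
	code, _ := store.Issue("signup", "alice@example.com") // constructed sample subject
	fmt.Println("wrong purpose:", store.Verify("signin", "alice@example.com", code))
	fmt.Println("right purpose:", store.Verify("signup", "alice@example.com", code))
	fmt.Println("replayed:     ", store.Verify("signup", "alice@example.com", code))
}
```

The attempt cap is what makes a 6-digit code safe: without it, a million guesses are cheap, and with it the attacker is forced through Issue, where the rate limiter and the email retry budget are the real throttle. Being in-memory, the store is lost on restart and is local to one process, which is consistent with the "no forced horizontal scaling" design; a multi-instance deployment would move it to Redis.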
- Low memory footprint
- Efficient DB pooling
- Minimal latency
- Suitable for small → medium scale without horizontal scaling
BhariyaAuth is actively evolving.
- Per-device instead of per-IP rate limiting
- Admin dashboard
- Better monitoring
Contributions are welcome but aren't guaranteed to be implemented.
You can help with:
- security improvements
- performance optimizations
- documentation
- integrations
BhariyaAuth is built to be:
Simple to run. Efficient to scale. Pleasant to use.
A single authentication layer for everything you build.
