This project is a production-ready authentication system built to support multiple authentication processes and credential types, while maintaining strong security, scalability, and clean architecture.
The system is designed to work with different authentication methods, such as local credentials, OAuth providers, and future authentication extensions, without breaking core logic.
It provides a flexible authentication foundation suitable for web apps, mobile apps, and third-party integrations.
- Modular user identity and profile management
- Local authentication with multiple credential types (password, PIN, phone OTP, biometrics)
- OAuth authentication and account linking (Google for now)
- Session and refresh token management
- Secure password hashing and account lockout protection
- Token revocation and logout handling
- Prisma-powered database schema with migrations
- Type-safe database access with Prisma Client
- Users: core identity, independent of credentials
- User Profiles: stores personal info like name, gender, avatar
- Auth Credentials: stores login methods, supporting multiple types
- OAuth Accounts: links external authentication providers
- Auth Sessions: tracks active sessions and devices
- Refresh Tokens: long-lived tokens for issuing new access tokens
The system follows industry-standard backend design principles, separating identity, authentication, and authorization.
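How Auth Sessions, Refresh Tokens, and token revocation can fit together, as an added sketch that is not this project's code. The in-memory maps stand in for the Prisma tables, and all field names, the 30-day lifetime, and the revoke-on-reuse policy are assumptions.

```typescript
import { createHash, randomBytes } from "node:crypto";

// Hypothetical in-memory stand-ins for the Auth Sessions and Refresh Tokens tables.
interface Session { id: string; userId: string; device: string; revokedAt: Date | null }
interface RefreshRow { sessionId: string; expiresAt: Date; usedAt: Date | null }

const sessions = new Map<string, Session>();
const refreshRows = new Map<string, RefreshRow>(); // keyed by SHA-256 of the token

const REFRESH_TTL_MS = 30 * 24 * 60 * 60 * 1000; // assumed 30-day lifetime

// Only the hash is stored, so a database leak does not expose usable tokens.
const hashToken = (token: string): string =>
  createHash("sha256").update(token).digest("hex");

function issueRefreshToken(sessionId: string, now: Date): string {
  const token = randomBytes(32).toString("base64url");
  const expiresAt = new Date(now.getTime() + REFRESH_TTL_MS);
  refreshRows.set(hashToken(token), { sessionId, expiresAt, usedAt: null });
  return token;
}

function login(userId: string, device: string, now: Date = new Date()) {
  const id = randomBytes(16).toString("hex");
  sessions.set(id, { id, userId, device, revokedAt: null });
  return { sessionId: id, refreshToken: issueRefreshToken(id, now) };
}

// Logout revokes the session; every refresh token bound to it stops working.
function logout(sessionId: string, now: Date = new Date()): void {
  const session = sessions.get(sessionId);
  if (session && !session.revokedAt) session.revokedAt = now;
}

// Rotation: each refresh token is single-use. Presenting an already used
// token is treated as a sign of theft and revokes the whole session.
function rotate(presented: string, now: Date = new Date()): string | null {
  const row = refreshRows.get(hashToken(presented));
  if (!row) return null;
  const session = sessions.get(row.sessionId);
  if (!session || session.revokedAt) return null;
  if (row.expiresAt.getTime() <= now.getTime()) return null;
  if (row.usedAt) { logout(session.id, now); return null; }
  row.usedAt = now;
  return issueRefreshToken(session.id, now);
}
```
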
- Runtime: Node.js
- Language: TypeScript
- Framework: Express.js
- Database: PostgreSQL
- ORM: Prisma
- Authentication: Local Auth + OAuth
- Node.js v20+
- PostgreSQL v15+
- npm
```bash
# Clone repository
git clone https://github.com/tolulope23-ops/Auth_Services.git
# git clone creates a directory named after the repository
cd Auth_Services
# Install dependencies
npm install
```