Authentication
JWT, OAuth, 2FA, Magic Links — every auth pattern your SaaS needs.
JWT + Refresh Tokens
15-minute access tokens with 7-day refresh token rotation. Bcrypt-hashed storage.
Google OAuth
One-click Google login via Passport.js. Auto-links to existing accounts.
Two-Factor Authentication
TOTP-based 2FA with QR code setup and 8 backup codes. Enforced at login.
Magic Links
Passwordless login via email. 10-minute expiry, single-use tokens.
Account Security
Account lockout after 5 failed attempts. Password reset with expiring tokens.
Email Verification
24-hour verification tokens. Beautiful email templates via Resend.