Open beta — bring your own OAuth credentials

The free, LLM-friendly
Auth0 alternative.

Drop-in identity for your apps. Bring your own Google, GitHub or OIDC credentials — users see your brand, not ours.

Try out test response arrow-right

How AuthCog works

One identity provider, every protocol. Connect any number of relying sites under your account.

globe

One subdomain per site

Each app gets {name}.authcog.com with its own JWT secret, providers and consent screen.

plug

Any provider

Built-in Google, Facebook, GitHub, Microsoft. Custom OAuth2/OIDC via JSON. SAML through BoxyHQ.

shield-check

Per-site consent

Users explicitly authorize each relying site. GDPR-friendly, audit-ready.

Sign in with one redirect

Send users to AuthCog, get them back with a verified identity. No SDK required.

# 1. Send the user to AuthCog, tagged with your domain
redirect_to 'https://auth.authcog.com/domain:your-domain.com'

# 2. After login, AuthCog redirects back to your site:
#    https://your-domain.com/authcog?callback=
#    The hash is single-use and expires in 5 minutes.

# 3. In your /authcog handler, exchange the hash for the identity
user = JSON.parse RestClient.get("https://auth.authcog.com/domain:your-domain.com?user=#{callback}")
# => { "email"=>..., "name"=>..., "avatar"=>..., "provider"=>... }

Free for everyone.

No plans, no limits. Point to our auth domain, go.