About UniAuth

UniAuth is an independent identity provider in early access. We're building authentication the way we wanted it for our own projects: standards-first, self-hostable, with post-quantum cryptography baked in from day one rather than bolted on later.

Security isn't a feature

It's the floor. Every endpoint uses constant-time comparison, every token has Cache-Control: no-store, every session is signed with ML-DSA-44.

Privacy by default

Pairwise subject identifiers prevent apps from correlating users across services. No analytics, no ads, no data sales.

Standards over lock-in

OAuth 2.0, OpenID Connect, SAML 2.0, SCIM 2.0 — implemented to the letter so you can walk away whenever you want.

Built for self-hosting

Run it on your own infrastructure. The hosted offering and the self-hosted source are the same code.

By the numbers

Live figures from this deployment. Early access: counts will be small for now.

Early access

Organizations

10+

User accounts

Active OAuth apps

99.41%

Aggregate uptime · 30d

~72ms

Token endpoint p50 · 24h

Auth methods (password, passkey, TOTP, email, SMS, magic link)

How we work

Ship the spec

We don't ship half-implementations. If a page says we support back-channel logout, we support the whole OIDC 1.0 back-channel logout spec — signed JWT, aud/iss/events/nonce checks, session_id propagation.

Small blast radius

Each feature is behind its own permission. One broken admin panel can't leak user data; one misconfigured client can't take down the IdP.

Honest status

Our /status page shows real uptime from real probes. Our /trust page distinguishes self-attested from third-party-certified. If we haven't done something, we don't claim we have.

Want to try it?

Free to start. Open standards. Self-host when you outgrow the managed plan.