onvibe.run

← All updates

Auth

User accounts for your app — without writing any auth

Rolling your own auth is where a lot of small apps quietly go wrong — a missing CSRF check here, a plaintext password there. So onvibe now does it for you, at the edge, before a single request reaches your code.

Choose a policy, done

Every app has an access policy: public (no login), signup (open registration) or allowlist (only approved emails). Flip it and the platform starts gating access for you — serving the login and sign-up pages, sessions, password reset and CSRF protection, all from the edge.

Because the check happens at the edge, unauthenticated traffic never even wakes your app's machine — bots bouncing off your login page cost you nothing.

The identity, delivered safely

Inside your app, currentUser() returns the signed-in end-user. The identity is injected and signed with your app's secret, so a neighbouring app on the internal network can't forge it. You just read who's calling and get on with your feature.

Manage everyone from one place

Create, import, update and remove users from the dashboard or over MCP, with bcrypt hashing and login rate-limiting built in. There's even a shared-password mode when you simply want to put a whole app behind one password for a while.

The result: real accounts — the kind your users expect — without a single line of auth code in your app.

📖Read the docs — User accounts & sign-in
Built with onvibe
🥗
Shared pantry tracker
Log groceries with expiry dates — the flat sees what to eat first.
See how it was made →
Build your own app on onvibe →← All updates