Identity infrastructure
for the quantum era
Open-source identity server with QAuth-to-QAuth instance federation — register once, authenticate everywhere. Native EUDI Wallet, OID4VP, and post-quantum cryptography. Headless-first, self-hostable.
#Deploy QAuth in 30 seconds
❯ docker run -p 3000:3000 qauth/auth-server
#Or use the TypeScript SDK
❯ npm install @qauth-labs/core
import { QAuth } from '@qauth-labs/core'
const auth = new QAuth({ domain: 'auth.yourapp.com' })
Platform
Built for what comes next
Everything you need to ship secure authentication — without locking yourself into a vendor or a dying standard.
Post-Quantum Crypto
ML-DSA-65 hybrid signatures with Ed25519 fallback. Crypto-agile architecture — swap algorithms without touching business logic.
Headless-First
Full REST API with no mandatory UI. Ship your own branded login experience, connect any frontend, or use our composable UI kit.
Instance Federation
A user registered on any QAuth instance can authenticate on yours — no re-registration, no custom integration. One identity across the entire QAuth network, gated by a proper consent screen.
TypeScript + Rust
Application logic in TypeScript for velocity. Performance-critical crypto in Rust via WASM/napi-rs — zero-copy, production-hardened.
Self-Hostable
One Docker command. Your infrastructure, your data, your compliance. No telemetry, no vendor lock-in, Apache 2.0 licensed.
Wallet Credentials
Native eIDAS 2.0 EUDI Wallet support via OID4VP and SIOPv2. Users authenticate with verifiable credentials — national IDs, diplomas, professional licences — no passwords, no forms.
Quickstart
Auth that gets out
of your way
Built for the next era of identity — federated QAuth instances, EUDI Wallets, and passkeys. Email/password is a migration path, not the destination.
Install the SDK
One package. TypeScript types included.
Initialize the client
Point to your QAuth instance — hosted or self-hosted.
Authenticate users
Passkeys, EUDI Wallets, and federated QAuth identities first. Email/password available for legacy migration.
import { QAuth } from '@qauth-labs/core'
const auth = new QAuth({
domain: 'auth.yourapp.com',
projectId: 'your-project-id',
})
// Passkey — passwordless, phishing-resistant
const { user, session } = await auth.signInWithPasskey()
// Instance federation — user from another QAuth server
const { user, session } = await auth.federateFrom({
issuer: 'auth.partner.com',
})
// EUDI Wallet — OID4VP credential presentation
const { user, session } = await auth.presentCredential({
descriptor: { id: 'eu.national-id' },
})
// email/password — available for legacy migration
const { user, session } = await auth.signInWithPassword({
email: 'user@example.com', password,
})
Hybrid signing flow
↓ Reference tokens with RFC 7662 introspection mitigate
the 3,309 B signature size during hybrid transition.
Security
Quantum-resistant
by architecture
Not a checkbox. A crypto-agile core that evolves with NIST standards — so your tokens stay secure when quantum computers arrive.
Level 3
NIST security level (192-bit)
FIPS 204
ML-DSA standard
0 LOC
Business logic changes to upgrade
Dual-sig
Classical + PQC composite
Deploy
Open-source,
self-hostable
QAuth is open-source and designed for self-hosting. A managed cloud offering is on the roadmap for Q2 2026.
Self-Hosted
Complete data sovereignty. Run on your own infrastructure — no telemetry, no phone-home. Apache 2.0 licensed.
❯ docker run -p 3000:3000 \
qauth/auth-server
Cloud Managed
Managed hosting with custom domains, zero DevOps, and a developer dashboard. Under active development.
Follow progress on GitHubReady to ship?
Stop maintaining auth. Build on verifiable credentials, identity wallets, and quantum-resistant cryptography — from day one.