Get Started with Faable Auth
Faable Auth is a multi-tenant identity platform built around the OAuth 2.0 and OpenID Connect standards. You get social login, passwordless, enterprise SSO/SAML, RBAC, MFA, custom domains and audit logs out of the box — without writing or maintaining any of the protocol plumbing yourself.
How Faable Auth is structured
Four concepts are enough to model the whole product:
- Account — your auth tenant. Hosted at
https://<account>.auth.faable.linkor under your custom domain. - Connections — sources of users: database (email + password), social (Google, GitHub, Apple, Facebook…), passwordless, generic OIDC.
- Clients — the applications that drive an OAuth flow against your account.
- Users & Teams — identities created via your connections, grouped into teams with RBAC.
Prerequisites
- Create an account on the Faable Dashboard .
- Create an Auth Account (your tenant). Note the auth domain shown in the dashboard.
- Create a Client for your application. Save the Client ID and configure the Allowed Callback URLs (e.g.
http://localhost:3000/callbackfor local dev). - Enable at least one Connection — a social provider, passwordless, or database.
Your first sign-in
Pick the path that matches your stack.
Path A — use a Quickstart
The fastest way to add login to an existing app.
- Next.js Quickstart — App Router + client SDK with PKCE.
- React Native Quickstart — Expo + Faable Auth helpers.
Path B — roll your own using the SDK
Build directly on @faable/auth-js for a custom integration:
import { createClient } from "@faable/auth-js";
const auth = createClient({
domain: "your-tenant.auth.faable.link",
clientId: "<your_client_id>",
});
await auth.signInWithOauthConnection({
redirectTo: "https://app.example.com/callback",
});The SDK handles the PKCE handshake, the redirect, and the token exchange. See the Authorization Code Flow for what happens under the hood.
What you can build
Once a user can sign in, Faable Auth gives you the building blocks for the rest of your identity experience:
| Feature | What it gives you |
|---|---|
| Change Email | Self-service email update with ownership verification (and optional double-confirmation). |
| Team Invitations | Invite users by email; existing users are added directly, unknowns get a magic link that creates their account on click. |
| Passwordless | Magic link or OTP login, no password to remember. |
| Actions | Run JavaScript in the auth flow to enforce rules or redirect through custom UI. |
| Webhooks | Signed HTTPS callbacks for user.created, user.updated, user.deleted, auth.login. |
| APIs | Register backend resource servers and define scoped permissions. |
| Logs | Audit email deliveries, webhook calls, and authentication events. |
| Custom Domain | Serve the login UI under your own branded domain with auto-renewed SSL. |
| OIDC Logout | RP-Initiated + Front-Channel logout across every signed-in application. |
| UserInfo | Standard claims endpoint, scope-gated per OIDC §5.4. |
SDKs and libraries
@faable/auth-js— client SDK for browsers and React Native (PKCE, session management, token refresh).@faable/auth-sdk— server-side SDK for Node.js (token verification, admin operations).@faablecloud/auth-helpers-react— React hooks for session and user state.
Pricing & limits
See Auth pricing for MAU allowances and per-feature gating, and the unified platform pricing for plans and support tiers.