Introduction

What LoginWith is and when to reach for it.

LoginWith is SSO infrastructure shaped like HTML. One script tag loads the SDK, one <a href> signs users in. When you need tokens, sessions, and PKCE, the same SDK gives you those without any extra plumbing.

It speaks OAuth 2.0 + PKCE and OIDC on the wire, so every language and framework you already use works. LoginWith owns the identity provider fan-out (Google, GitHub, Microsoft, LinkedIn, GitLab, X, and more soon) — your app just consumes the resulting bearer token.

What LoginWith handles

PKCE generation, storage, and verification
JWKS rotation + caching, signature verification
Provider fan-out — you integrate with one API, get every provider
Branded login pages at <your-slug>.loginwith.page with no frontend code
Multi-tenant isolation — one client serving many orgs
Session bridging across subdomains via signed httpOnly cookies

What LoginWith does not do

Store your users’ passwords — there are none; every login is delegated
Host your app or its data
Replace a customer identity platform for features like MFA policies, fine-grained RBAC, or SCIM provisioning (yet)

Quickstart

Ship a working login in two HTML tags.

Concepts

Orgs, clients, tenants, sessions — how they compose.

Browser SDK

@loginwith/sdk — tokens and sessions in the browser.

Server SDK

@loginwith/client — verify tokens server-side, any language.