Free public instance

Zero-knowledge multi-user authentication for developers

A single dashboard and API for every auth protocol your stack needs.

Standards-compliant and production-ready.

Three ways to authenticate

WEB

OIDC for web apps

Point any OAuth 2.0 / OIDC library at the discovery URL and you’re done. Works with anything that has a “sign in with OIDC” option.

// next-auth / Auth.js
providers: [{
  id: "anonlogin",
  type: "oidc",
  issuer: "https://anonlog.in",
  clientId: process.env.AUTH_ANONLOGIN_ID,
  clientSecret: process.env.AUTH_ANONLOGIN_SECRET,
  authorization: { params: { scope: "openid" } },
  checks: ["pkce", "state"],
}]

Compatible with NextAuth.js, Auth.js, oauth2-proxy, omniauth, and every “custom OIDC provider” field you’ll ever see.

CLI

Device flow for terminals

RFC 8628 device authorization grant, end to end. The bundled anonlogin CLI handles login, token refresh, and storage — or wire up your own.

$ anonlogin login

  URL:  https://anonlog.in/device/activate
  Code: BDWP-HQXC

  Or go directly to:
  https://anonlog.in/device/activate?user_code=BDWP-HQXC

  ✓ Authenticated successfully.

$ anonlogin token
eyJhbGciOiJSUzI1NiIs...

Perfect for headless boxes, dev tools, and anything where a browser lives somewhere else.
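For the "wire up your own" path, the part of RFC 8628 a client most often gets wrong is the polling loop. The following is an added example, not anonlogin's CLI code. The `post_token` transport, the `simulate` helper, and all sample values are assumptions constructed for illustration.

```python
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628 s3.4

class DeviceFlowError(Exception):
    """Terminal failure: user denied the request or the device code expired."""

def poll_for_token(post_token, device_resp, client_id,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until approval, denial, or expiry.

    post_token(form) -> dict is a hypothetical caller-supplied transport: it
    POSTs the form to the token endpoint named in the issuer's discovery
    document and returns the decoded JSON body.
    """
    interval = device_resp.get("interval", 5)   # spec default when omitted
    deadline = clock() + device_resp["expires_in"]
    form = {"grant_type": GRANT_TYPE, "client_id": client_id,
            "device_code": device_resp["device_code"]}
    while clock() < deadline:
        sleep(interval)
        body = post_token(form)
        error = body.get("error")
        if error is None:
            return body                         # token response
        if error == "slow_down":
            interval += 5                       # back off 5 s for all later polls
        elif error != "authorization_pending":
            raise DeviceFlowError(error)        # access_denied, expired_token, ...
    raise DeviceFlowError("expired_token")      # local deadline passed

def simulate(replies, expires_in=600):
    """Constructed run: scripted server replies and a fake clock, no network."""
    script, now, waits = iter(replies), [0.0], []
    def fake_sleep(seconds):
        waits.append(seconds)
        now[0] += seconds
    device_resp = {"device_code": "constructed-device-code",
                   "user_code": "BDWP-HQXC", "expires_in": expires_in,
                   "interval": 5}
    try:
        result = poll_for_token(lambda form: next(script), device_resp,
                                "constructed-client-id", fake_sleep,
                                lambda: now[0])
    except DeviceFlowError as exc:
        result = str(exc)
    return result, waits

if __name__ == "__main__":
    print(simulate([{"error": "authorization_pending"}, {"error": "slow_down"},
                    {"error": "authorization_pending"},
                    {"access_token": "constructed-token", "token_type": "Bearer"}]))
```

A client that ignores `slow_down` or keeps polling after `access_denied` will run into the server's rate limits, so treat every error other than `authorization_pending` and `slow_down` as final.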

SCRIPT

API keys for scripts & CI

Long-lived bearer tokens with custom scopes. One header, no refresh dance. Every call shows up in your auth log so you always know what touched what.

# in your app / service

$ curl https://anonlog.in/v1/me \
  -H "Authorization: Bearer $KEY"

{"account_id":"01J…",
 "auth_method":"api_key","scopes":[]}

Ideal for cron jobs, CI runners, and any script that needs to talk to your management API. Works with any HTTP client — no SDK required.

Standards in, standards out

Auth is the part nobody wants to build — password hashing, TOTP enforcement, PKCE, rate-limiting, token revocation, JWKS rotation. anonlogin implements the specs so you don’t have to, and your existing libraries already speak them.

OIDC Core 1.0: OpenID Connect identity layer
RFC 6749: OAuth 2.0 framework
RFC 7636: PKCE (required for public clients)
RFC 8628: Device authorization grant (CLI flow)
RFC 7662 / 7009: Token introspection & revocation
RFC 6238: TOTP — required on every login

Working code, not snippets

Two end-to-end reference projects you can clone, run, and copy from. Both live in github.com/anonlog/anonlogin-examples.

Full reference (every endpoint, request/response shapes, scopes, error codes) lives inside the dashboard once you sign in.

Hardened by default

TOTP on every login

Password and a live authenticator code on every sign-in to every connected app. No SMS fallback that can be SIM-swapped, no “trust this device” bypass, no way to skip the second factor.

Per-app consent & revocation

Every client gets an explicit consent screen before it can touch your identity. You see the scopes, you approve them, and you can cut any app off instantly from the dashboard.

Anonymous by default

No email, no phone, no name — the account is a username and a TOTP secret. There’s nothing to breach, nothing to hand over, and no recovery email for an attacker to phish.

Set up in about a minute.

Pick a username, scan a QR code, save your recovery codes. Your identity provider, OAuth client registry, API key issuer, and CLI auth backend — all ready to go.