Overview
IdentSphere is a self-hostable authentication and access-control SDK. It ships:
- A Rust backend (Axum-based) with ~40 HTTP endpoints covering every modern auth flow.
- A TypeScript / React frontend package (
@identsphere/react) with typed hooks + guards + an Axios client that handles refresh, CSRF, and cookie session bookkeeping for you. - A standalone Docker image (
identsphere-server) that any language stack can call as a sidecar. - A CLI (
identsphere migrate,identsphere export) for operating the database.
You wire it into your application, run it on your own infrastructure, and nothing ever phones home.
The model
┌──────────────────────────────────────────────────────────────────────┐
│ Your infrastructure │
│ │
│ ┌──────────────┐ HTTPS ┌──────────────────┐ SQL ┌───────┐ │
│ │ Your app + │───────────►│ identsphere-server │────────►│ Pg │ │
│ │ frontend │ cookies │ (this SDK) │ │ │ │
│ │ │ + JWT │ │ └───────┘ │
│ └──────────────┘ │ - register │ │
│ │ - login │ │
│ │ - MFA │ │
│ │ - passkey │ │
│ │ - OAuth │ │
│ │ - sessions │ │
│ │ - audit │ │
│ └──────────────────┘ │
│ │
└──────────────────────────────────────────────────────────────────────┘
✗ no outbound connections ✗
What you choose at deploy time
| Concern | Default (zero config) | Production options |
|---|---|---|
LogOnlySender — prints to stdout | SMTP, Resend, SES, SendGrid | |
| Object storage | LocalFsStorage — local disk | S3, R2, GCS, MinIO |
| Session cache | PostgresOnlyCache — DB only | Redis |
| JWT signing | HS256 (shared secret) | RS256 (asymmetric, JWKS-published) |
Every provider is a trait — bring your own implementation if our defaults don't match what you need.
What's actually here
| Layer | Lines of code | Tests |
|---|---|---|
identsphere-core | ~4,500 | 38 |
identsphere-axum | ~6,500 | 43 |
identsphere-cli | ~600 | 0 (smoke-tested via migration runs) |
identsphere-webhooks | ~150 | 3 |
@identsphere/react | ~2,500 | (typecheck only) |
| Total | ~14,000 | 84 |
Plus reserved-but-not-shipped premium crates: identsphere-saml, identsphere-scim,
identsphere-audit-export.
Where to go next
- First time? Start with Quick start.
- Just want to know what's in the box? Browse the API reference.
- Not using Rust on the backend? See Integration patterns.
- Worried about security? Read Security model.
- Ready to ship? Follow Production checklist.