Voult.dev is a developer-first authentication platform that provides secure, scalable, and easy-to-integrate authentication APIs for modern web applications.
It handles the hard parts of auth — user management, email verification, password resets, magic links, OAuth integration, JWT handling, and account security — so developers can focus on building products, not auth systems.
Live: https://www.voult.dev
- User registration (email + password, or username + password)
- Secure login & logout (email-based or username-based)
- Magic link authentication (passwordless login)
- JWT-based authentication with token versioning
- Email verification flow
- Password reset (forgot & reset)
- Password strength enforcement
- Prevent login for:
- Unverified emails
- Disabled accounts
- OAuth middleware for API routes
- Multi-provider configuration (in development)
- Seamless provider integration
- Soft delete (disable account)
- Re-enable disabled accounts
- Token revocation via
tokenVersion - Current user (profile) endpoint (
/me) - Username and email-based account lookup
- API-first architecture
- Clean MVC structure
- Built for extensibility
- SDK support (WIP)
- Rate-limited sensitive endpoints
- Comprehensive input validation
- Atomic operations for data integrity
- Backend: Node.js, Express
- Auth: JWT, OAuth middleware
- Database: MongoDB + Mongoose
- Templating: EJS (for emails & views)
- Security: bcrypt, rate limiting, validation middleware, atomic transactions
- Frontend (Landing / Docs): HTML, CSS, JavaScript, React.js
voult/
├── config/ # App & auth configuration
├── controllers/ # Request handlers (auth, users, OAuth, magic links, etc.)
├── models/ # Mongoose schemas
├── routes/ # API routes
├── services/ # Business logic (tokens, email, OAuth, magic links, etc.)
├── validators/ # Input validation logic
├── utils/ # Shared utilities
├── views/ # EJS templates
├── public/ # Static assets
├── TODO.md # Product roadmap
└── structure.md # Architecture notesRecent Enhancements (May 2026):
- Enhanced magic link functionality with atomic token claiming and redirect URI allowlisting (WIP)
- API rate limiting for magic link routes
- JWT middleware improvements for cleaner user data handling
- Username-based authentication (registration & login)
- OAuth middleware integration for multi-provider support
- Comprehensive TODO documentation with detailed feature tracking
- Email service configuration updates for consistency
- Javascript SDK
This project is 4 months away from launch.