About MTAS

A multi-tenant authentication broker. Register your app, redirect users here for login, get back an RS256-signed JWT — your backend verifies it locally using the public key.

[Diagram: MTAS system architecture, showing communication between Client App, MTAS UI, MTAS API, and Client Backend]

Your frontend redirects to MTAS for login, exchanges an auth code for a JWT, and your backend verifies it using the MTAS public key.

How It Works

🔗 Step 1

Your app redirects the user to MTAS with your appId and redirect URI

🔐 Step 2

User authenticates on the MTAS login page

🎟️ Step 3

MTAS redirects back with a one-time auth code (5 min TTL)

🔄 Step 4

Your frontend exchanges the code for an RS256-signed JWT

🔑 Step 5

Your backend fetches the MTAS public key once and caches it

Step 6

All subsequent requests are verified locally — no calls to MTAS

Key Properties

🏢 Tenant Isolation

Each client app gets its own user pool. Users belong strictly to the client that registered them and are never shared. The same email can exist under different clients.

⚡ Stateless Verification

JWTs are signed with RS256 (asymmetric). Your backend fetches the public key from a standard JWKS endpoint once, then verifies every token locally.

🎟️ Auth Code Exchange

OAuth2-inspired flow: login returns a short-lived auth code (single use, 5 min TTL) that gets exchanged for a JWT. Tokens never pass through browser redirects.

🛡️ Redirect URI Whitelist

Login attempts are rejected unless the redirect URI is registered in the client's whitelist; this prevents open redirect attacks.
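As an added example (not the MTAS implementation, whose matching rules the page does not describe), here is the form of whitelist check that actually delivers the open-redirect protection above: an exact match of the whole absolute URL against the client's registered entries. The registered URIs are constructed sample data for one client.

```javascript
// Added example, not MTAS project code: enforcing a per-client redirect URI
// whitelist with exact matching. The registered URIs are constructed sample data.
const registeredRedirects = new Set([
  'https://app.example.com/auth/callback',
  'http://localhost:3000/auth/callback',
]);

// Returns true only if `requested` is an absolute URL whose serialised form is
// exactly one of the registered entries. The URL parser lowercases scheme and
// host (they are case-insensitive anyway); path, query and fragment must match
// byte for byte. There is deliberately no prefix, substring or wildcard
// matching, so a look-alike host, an appended query parameter, a dot-segment
// path or a scheme downgrade all fail to match.
function isRedirectAllowed(whitelist, requested) {
  let url;
  try {
    url = new URL(requested); // relative URLs do not parse and are rejected
  } catch {
    return false;
  }
  return whitelist.has(url.href);
}

// Demo: a few candidates and the decision for each.
for (const candidate of [
  'https://app.example.com/auth/callback',
  'https://app.example.com.other.example/auth/callback',
  'https://app.example.com/auth/callback?next=https://other.example',
  'https://app.example.com/auth/callback/../profile',
  'http://app.example.com/auth/callback',
  '/auth/callback',
]) {
  console.log(isRedirectAllowed(registeredRedirects, candidate) ? 'allow ' : 'reject', candidate);
}
```

If a client needs several callback paths or environments, register each full URL rather than loosening the comparison; the whitelist stays simple and the check stays exact.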

Tech Stack

⚙️ API

  • NestJS 11 + TypeORM
  • JWT (RS256 / HS256)
  • PostgreSQL
  • Passport.js

🖥️ UI

  • Next.js 15 + React 19
  • shadcn/ui + Tailwind CSS
  • React Hook Form + Zod
  • TanStack Query

🚀 Infrastructure

  • Docker Compose (PostgreSQL)
  • Vercel (UI)
  • Render (API)

Try It Out

Register a client account, configure your redirect URIs, and integrate MTAS into your app.