Plock

Project Overview: Plock is an all-in-one authentication server, providing email & password, email verification codes, two-factor authentication, OAuth with social providers, and passkey authentication, with session management using cookies and bearer tokens.

Demo of Plock
Using Plock with Expo for mobile app authentication
Plock README

Objectives

  1. Dead simple drop-in replacement of your current auth solution.
  2. Use modern authentication methods, such as OAuth, email verification, and Passkeys.
  3. Usage for web and mobile apps.

Features

  1. Own your data
  • Unlike many third-party cloud authentication services, which store your users’ data on their own servers, Plock is just an authentication server running as a single Docker container that stores users and sessions in your database. That way, you get to keep your data.
  2. OAuth
  • OAuth has become a standard for modern authentication. It is used by thousands of companies, simplifying the user experience. Plock provides many OAuth providers out of the box. It will work as long as you provide the right client ID and client secret.
  3. Passkeys
  • Plock leverages passkeys to authenticate users seamlessly and securely. Passkeys are securely stored on the user’s device, or in their cloud keychain when using iCloud or Google.

Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. Unlike passwords, passkeys are always strong and phishing-resistant.

FIDO Alliance

  4. Email authentication
  • Plock provides email verification links to users. This way, users can authenticate themselves with their email address, without remembering a password.
  • When a user initiates the authentication process, an email is sent to the user’s email address with a one-time code. The user can then use this code to authenticate with Plock.

Architecture

Plock is self-contained and can be deployed in any environment supporting Docker. Under the hood, it is a SvelteKit app that handles all the authentication requests and provides a beautiful UI.

When a user on your website starts the authentication flow by trying to log in, they are redirected to the Plock server on your specified domain (set through an environment variable). The Plock server then handles the authentication request and redirects the user back to your website or mobile app.
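
The redirect back to your website or mobile app is the step where an unvalidated return target turns into an open redirect. The following is an added example, not Plock's own code: the allowlist entries, the `myapp:` deep-link scheme and the function names are assumptions chosen to show an exact-match check of the return target for both web and mobile.

```javascript
// Hypothetical allowlist of places the auth server may send a user back to.
// Values are constructed for illustration; they are not Plock configuration.
const ALLOWED_RETURN_TARGETS = [
  { scheme: 'https:', host: 'app.example.com' }, // web app
  { scheme: 'myapp:', host: 'auth' },            // mobile deep link: myapp://auth/...
];

// Returns true only when `raw` is an absolute URL whose scheme AND host
// exactly match an allowlist entry.
function isAllowedReturnUrl(raw, allowed = ALLOWED_RETURN_TARGETS) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) {
    return false;
  }
  // Control characters and backslashes are normalised differently by
  // browsers and server-side parsers, so refuse them outright.
  if (/[\u0000-\u001f\\]/.test(raw)) return false;

  let url;
  try {
    url = new URL(raw); // no base URL: relative and scheme-relative input throws
  } catch {
    return false;
  }
  // "https://app.example.com@other.test/" parses with the trusted name as
  // the username and other.test as the real host.
  if (url.username !== '' || url.password !== '') return false;

  // url.host is lower-cased by the parser and includes any non-default port,
  // so suffix tricks and unexpected ports fail the exact comparison.
  return allowed.some((t) => url.protocol === t.scheme && url.host === t.host);
}

// Picks the redirect destination: the normalised requested URL when it is
// allowed, otherwise a fixed fallback that the server controls.
function resolveReturnUrl(raw, fallback = 'https://app.example.com/') {
  return isAllowedReturnUrl(raw) ? new URL(raw).href : fallback;
}
```

Matching on the parsed scheme and host, rather than on a string prefix of the raw value, is what keeps look-alike hosts and embedded credentials from passing the check.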

Technology Stack