What is SpartanAuth?

SpartanAuth is an authentication microservice that handles the hard parts of auth — passkeys, MFA, magic links, social login, login widget, user management — so your application doesn’t have to.

The guiding principle is Spartan simplicity: the correct, secure way to implement authentication should also be the easiest way.

How it fits in your stack

Your frontend
    │
    ▼
<spartan-login> widget          ← npm package, any framework
    │  (issues JWT on success)
    ▼
SpartanAuth API                 ← hosted at api.spartanauth.com
    ▼
Your backend                    ← verifies tokens via introspection
    │
    ▼
Your database / business logic

Customers authenticate through the login widget. On success, the widget issues a signed JWT that your backend verifies with a single HTTP call to SpartanAuth’s introspection endpoint. Your backend never needs to store passwords, manage MFA secrets, or handle WebAuthn ceremonies.

Key components

Component	What it is
SpartanAuth API	The authentication server — gRPC + HTTP REST gateway
Dashboard	Web UI for managing sectors, users, and settings
Login Widget	npm package of web components for your frontend

Who manages what

SpartanAuth manages:

• Password hashing and storage
• WebAuthn (passkey) registration and ceremony handling
• TOTP and OTP secrets
• Email delivery for magic links and MFA codes
• JWT signing keys
• OAuth / social login flows

You manage:

• Your application’s business data and users’ roles/permissions
• Which sector your application belongs to
• Whether self-sign-up is allowed
• OAuth provider credentials (Google, GitHub, Apple)

Sectors

Every application (or tenant) in SpartanAuth lives in a sector — an isolated namespace with its own users, security settings, and configuration. Think of a sector the way you’d think of a Keycloak realm or an Auth0 tenant.

You get your sector ID from the dashboard, and pass it to the login widget as the sector attribute. That’s the only configuration your frontend needs.