SEQN Auth

SEQN Auth is the Clerk-like authentication surface for Silver/SEQN apps, backed by the self-hosted Silver Auth API and Authentik. The MVP deliberately excludes email delivery and payment collection.

Start here:

  • Quickstart - install the tiny JS SDK and verify keys.
  • React - provider, hooks, signed-in boundaries, and hosted links.
  • Next.js - server helpers, env wiring, and hosted redirects.
  • Express - middleware and route handlers for hosted auth.
  • Examples - runnable drop-in examples in examples/seqn-auth-*.
  • Hosted UI - using SEQN-hosted sign-in, sign-up, account, org, and console pages.
  • API contract - planned public and backend endpoint shapes.
  • Operations - deploy-adjacent checks, key handling, and rollout notes.
  • Docs hosting - docs.seqn.in hosting, DNS, and Caddy setup.

MVP scope

Included:

  • Public application config lookup by publishable key.
  • Public signup that creates a tenant workspace for non-platform users and makes the signer the workspace admin.
  • Shared-development Google OAuth metadata, matching Clerk's easy dev-mode pattern without asking each developer for Google credentials up front.
  • Agent/IDE setup context at /v1/setup/agent-context with install/env/redirect/origin instructions.
  • Dependency-free ESM helpers for hosted URLs, Next.js, and Express, plus a React helper factory with an injected React runtime.
  • Backend application/key health lookup by secret key.
  • Signed webhooks with endpoint secrets and delivery logs.
  • Admin audit-log reader and built-in request rate limiting.
  • First-party admin APIs for users, sessions, roles, manual invite links, subscription plans, subscription state, and usage counters.
  • Subscription-state enforcement for project, user, webhook, and usage mutations.
  • Hosted sign-in and sign-up handoff through the Silver Auth API.
  • Project/application records with redirect URL and origin allowlists.
  • Authentik as the identity engine.

Excluded for this MVP:

  • Email sending, templates, and deliverability workflows.
  • Payment collection, invoices, and hosted checkout.
  • Full Clerk API compatibility.

Endpoint targets

Public documentation target:


https://docs.seqn.in

Production target:


https://accounts.seqn.in

SDK contract targets:


GET /v1/client/config
GET /v1/setup/agent-context
GET /v1/backend/application
GET /v1/me

The service also exposes /healthz, /v1/config, hosted login/session routes, project management, user/session/role/invitation management, manual subscription management, webhook management, delivery logs, and admin audit logs.