Features
Built for Modern Developers
Simple integration, powerful security, and true decentralization. Everything you need for production-ready authentication.
Quick Integration
Install the SDK with one command. Integrate authentication in minutes with our TypeScript-first SDK and comprehensive documentation.
Zero-Knowledge Privacy
Private data encrypted on Holochain. Even Flowsta staff cannot access user emails, recovery phrases, or sessions. True zero-knowledge architecture.
W3C DIDs
Every user gets a W3C-compliant Decentralized Identifier (DID). Self-sovereign, portable, and verifiable identities that users truly own.
Single Sign-On
One Flowsta account works across all partner sites. Seamless login experience like "Login with Google" but decentralized and privacy-focused.
Enterprise Security
BIP39 recovery phrases, Ed25519 cryptography, and password-encrypted keys. Security without complexity, built on battle-tested standards.
Censorship Resistant
Distributed storage on Holochain DHT means no single point of failure. Your users' identities can't be taken down by any authority.
Get Started in Minutes
Register Your App
Create a developer account and register your app to get your Client ID. Configure your redirect URIs and you're ready to integrate—no secrets, no API keys, just OAuth 2.0 + PKCE.
Add the Sign-In Button
Drop in our 'Sign in with Flowsta' button or build a custom OAuth flow. Generate a PKCE code verifier, build the authorization URL, and redirect users to login.flowsta.com.
Handle the Callback
Receive the authorization code at your redirect URI. Exchange it for an access token using your PKCE code verifier—all done securely in the browser, no backend secrets required.
Production Ready!
FAQs
Frequently Asked Questions
Common questions about integrating Flowsta Auth into your application.
How does zero-knowledge privacy work?
Private user data (emails, recovery phrases, sessions) is encrypted on Holochain using keys derived from user passwords. Flowsta employees physically cannot access this data—it's mathematically impossible without the user's password. This is true zero-knowledge architecture, not just a promise.
How long does integration take?
Most developers integrate Flowsta Auth in under an hour. Register your app to get a Client ID (no secrets required—OAuth 2.0 + PKCE), install our SDK with npm, add the sign-in button, and handle the callback. Our TypeScript-first SDK includes full IntelliSense and comprehensive documentation.
What are W3C DIDs and why do they matter?
DIDs (Decentralized Identifiers) are globally unique, cryptographically verifiable identifiers. Every Flowsta user gets a W3C-compliant DID based on their Ed25519 keypair. This enables verifiable credentials, cross-platform identity, and interoperability with other DID/VC ecosystems.
How does Single Sign-On work across partner sites?
When a user creates a Flowsta account, they can use it to login to any partner site integrated with Flowsta Auth. It works like "Login with Google" but with decentralized, user-owned identities. Users authenticate once and access all partner apps seamlessly.
Is it production-ready?
Yes! Flowsta Auth is built on battle-tested cryptographic standards (Ed25519, BIP39, PBKDF2) and Holochain's mature DHT infrastructure. We handle authentication for production applications and provide enterprise-grade security without complexity.
What happens if Flowsta goes offline?
That's the beauty of decentralization! User data is stored on the Holochain DHT, not Flowsta's servers. Even if Flowsta disappeared, users could still access their data and authenticate through the DHT. No central database means no single point of failure.