Home/Products/GrooveAuth

GrooveAuth

Biometric Passkeys Identity Layer

Give your users a seamless login experience. Add secure passkeys, social logins, and role-based access control with just a few lines of code.

SaaS Plan Price: $29.00 / month

grooveauth-challenge.js
// Generate cryptographic challenge at the edge
const challenge = await GrooveAuth.generateChallenge({
  userId: "usr_908123a",
  rpName: "TECHGOOVE Developer Club"
});

// Trigger browser WebAuthn biometric prompt
const credential = await navigator.credentials.create({
  publicKey: challenge
});

// Verify assertion statelessly in-memory
const tokenResult = await GrooveAuth.verifyCredential(credential);
console.log(tokenResult.jwt); // "eyJhbGciOiJSUzI1Ni..."

Biometric WebAuthn Authentication

Replace insecure password entries with modern TouchID, FaceID, and hardware key signatures validated locally at the hardware level.

Stateless JWT Issuance

Generate cryptographically signed JSON Web Tokens (JWT) at the edge, allowing your backend servers to verify identities statelessly.

Passkey Fallback Workflows

Provide automatic recovery fallbacks via encrypted secure magic-link tokens routed to verified customer SMTP routes instantly.

Identity Proxy Stateless Compliance Policy

In strict compliance with card network regulations and our payment partners' (including Stripe and Paddle) acceptable use guidelines, TECHGOOVE does not provide customer database hosting, user profile directories, VPS hosting, or cloud file storage services.

GrooveAuth operates purely as a stateless identity challenge broker. User credentials and keys are evaluated in-memory at the edge nodes during login requests. We do not store email tables, user directories, or user logs on our systems. All profile records remain securely hosted on your own database origins.

Developer SDK Integration

Implement cryptographic WebAuthn challenges directly in your application frontend and verify JWTs on your backend.

Frontend Challenge Initializernpm i @techgoove/auth-client
import { GrooveAuthClient } from "@techgoove/auth-client";

const auth = new GrooveAuthClient({ rpId: "techgoove.com" });

// Request stateless challenge from edge worker
const credentials = await auth.login({
  email: "developer@techgoove.com"
});

// Sends biometric payload to origin backend
await fetch("/api/session/verify", {
  method: "POST",
  body: JSON.stringify(credentials)
});
Backend JWT Verification (Node.js)npm i @techgoove/auth-server
import { GrooveAuthVerifier } from "@techgoove/auth-server";

const verifier = new GrooveAuthVerifier({
  publicKeyUri: "https://auth.techgoove.com/.well-known/jwks.json"
});

export async function handler(req, res) {
  const token = req.headers.authorization.split(" ")[1];
  
  // Verify token signature statelessly in-memory
  const decoded = await verifier.verify(token);
  
  res.json({ success: true, user: decoded.sub });
}

Technical Specifications

Cryptographic signature speeds and standard protocol integrations.

Credential Verification Latency< 15ms average
Supported ProtocolsFIDO2, WebAuthn, OAuth 2.0, SAML 2.0
Authentication FormatsHardware Keys (YubiKey), FaceID, TouchID
Cryptographic AlgortihmsECDSA (secp256r1), Ed25519
Token Generation ModeStateless, client-signed RS256 JWTs
User Directory HostingNone (Stateless broker - user DB hosted by customer)

Enterprise Use Cases

How developers implement secure passkey systems on high-value routes.

Biometric Portal Upgrades

Provide users with passwordless biometric auth options, lowering checkout friction and increasing conversion rates by removing email/password recalls.

High-Security Administrative Lock

Enforce mandatory biometric passkey prompts on sensitive billing actions, token updates, and settings panels to block session-hijacking compromises.

Frequently Asked Questions

Does GrooveAuth store my user accounts or profiles?

No. GrooveAuth acts as a stateless cryptographic broker between your clients and your own databases. We do not host user databases, profile directories, email logs, or media files. User records, hashes, and profiles must be hosted on your own secure databases (such as PostgreSQL or AWS DynamoDB). GrooveAuth simply parses the cryptographic key exchange in-memory and returns a verified signature.

Can I use GrooveAuth for hosting general login portals?

No. GrooveAuth is an authentication protocol proxy layer, not a portal host. You run the login screens on your own hosting servers and call our stateless API endpoints during credential challenges.

Does it support enterprise Single Sign-On (SSO)?

Yes. GrooveAuth can act as an OIDC broker, translating WebAuthn hardware challenges into standard SAML 2.0 and OpenID Connect payloads for corporate directory mappings.