GrooveAuth
Biometric Passkeys Identity Layer
Give your users a seamless login experience. Add secure passkeys, social logins, and role-based access control with just a few lines of code.
SaaS Plan Price: $29.00 / month
// Generate cryptographic challenge at the edge
const challenge = await GrooveAuth.generateChallenge({
userId: "usr_908123a",
rpName: "TECHGOOVE Developer Club"
});
// Trigger browser WebAuthn biometric prompt
const credential = await navigator.credentials.create({
publicKey: challenge
});
// Verify assertion statelessly in-memory
const tokenResult = await GrooveAuth.verifyCredential(credential);
console.log(tokenResult.jwt); // "eyJhbGciOiJSUzI1Ni..."Biometric WebAuthn Authentication
Replace insecure password entries with modern TouchID, FaceID, and hardware key signatures validated locally at the hardware level.
Stateless JWT Issuance
Generate cryptographically signed JSON Web Tokens (JWT) at the edge, allowing your backend servers to verify identities statelessly.
Passkey Fallback Workflows
Provide automatic recovery fallbacks via encrypted secure magic-link tokens routed to verified customer SMTP routes instantly.
Identity Proxy Stateless Compliance Policy
In strict compliance with card network regulations and our payment partners' (including Stripe and Paddle) acceptable use guidelines, TECHGOOVE does not provide customer database hosting, user profile directories, VPS hosting, or cloud file storage services.
GrooveAuth operates purely as a stateless identity challenge broker. User credentials and keys are evaluated in-memory at the edge nodes during login requests. We do not store email tables, user directories, or user logs on our systems. All profile records remain securely hosted on your own database origins.
Developer SDK Integration
Implement cryptographic WebAuthn challenges directly in your application frontend and verify JWTs on your backend.
import { GrooveAuthClient } from "@techgoove/auth-client";
const auth = new GrooveAuthClient({ rpId: "techgoove.com" });
// Request stateless challenge from edge worker
const credentials = await auth.login({
email: "developer@techgoove.com"
});
// Sends biometric payload to origin backend
await fetch("/api/session/verify", {
method: "POST",
body: JSON.stringify(credentials)
});import { GrooveAuthVerifier } from "@techgoove/auth-server";
const verifier = new GrooveAuthVerifier({
publicKeyUri: "https://auth.techgoove.com/.well-known/jwks.json"
});
export async function handler(req, res) {
const token = req.headers.authorization.split(" ")[1];
// Verify token signature statelessly in-memory
const decoded = await verifier.verify(token);
res.json({ success: true, user: decoded.sub });
}Technical Specifications
Cryptographic signature speeds and standard protocol integrations.
| Credential Verification Latency | < 15ms average |
| Supported Protocols | FIDO2, WebAuthn, OAuth 2.0, SAML 2.0 |
| Authentication Formats | Hardware Keys (YubiKey), FaceID, TouchID |
| Cryptographic Algortihms | ECDSA (secp256r1), Ed25519 |
| Token Generation Mode | Stateless, client-signed RS256 JWTs |
| User Directory Hosting | None (Stateless broker - user DB hosted by customer) |
Enterprise Use Cases
How developers implement secure passkey systems on high-value routes.
Biometric Portal Upgrades
Provide users with passwordless biometric auth options, lowering checkout friction and increasing conversion rates by removing email/password recalls.
High-Security Administrative Lock
Enforce mandatory biometric passkey prompts on sensitive billing actions, token updates, and settings panels to block session-hijacking compromises.
Frequently Asked Questions
Does GrooveAuth store my user accounts or profiles?
No. GrooveAuth acts as a stateless cryptographic broker between your clients and your own databases. We do not host user databases, profile directories, email logs, or media files. User records, hashes, and profiles must be hosted on your own secure databases (such as PostgreSQL or AWS DynamoDB). GrooveAuth simply parses the cryptographic key exchange in-memory and returns a verified signature.
Can I use GrooveAuth for hosting general login portals?
No. GrooveAuth is an authentication protocol proxy layer, not a portal host. You run the login screens on your own hosting servers and call our stateless API endpoints during credential challenges.
Does it support enterprise Single Sign-On (SSO)?
Yes. GrooveAuth can act as an OIDC broker, translating WebAuthn hardware challenges into standard SAML 2.0 and OpenID Connect payloads for corporate directory mappings.