Flowsta Auth

Decentralized Authentication for Web & Desktop

OAuth SSO for web apps. Identity linking for desktop apps. Holochain-powered zero-knowledge privacy.

Flowsta Auth Network Architecture

Three Integration Paths

Choose the approach that fits your application:

Web Apps - OAuth SSO

Add "Sign in with Flowsta" with the @flowsta/auth SDK:

typescript
import { FlowstaAuth } from '@flowsta/auth';

const auth = new FlowstaAuth({
  clientId: 'your_client_id',
  redirectUri: 'https://yourapp.com/auth/callback'
});

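// On your login page: start the flow. This navigates away from your app.
auth.login(); // Redirects to login.flowsta.com

// On the page served at redirectUri, after Flowsta redirects back:
const user = await auth.handleCallback();
console.log('Welcome,', user.displayName);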

Desktop Holochain Apps - Agent Linking

Link your app's agent key with the user's Flowsta Vault identity:

typescript
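import { linkFlowstaIdentity } from '@flowsta/holochain';
import { decodeHashFromBase64 } from '@holochain/client';

// appWebsocket (your connected Holochain app websocket), myAgentKey (your
// app's agent public key) and base64ToSignature are assumed to be defined
// or imported elsewhere in your app.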
const result = await linkFlowstaIdentity({
  appName: 'YourApp',
  clientId: 'your_client_id',
  localAgentPubKey: myAgentKey,
});

// Commit attestation to your DHT
await appWebsocket.callZome({
  role_name: 'my-role',
  zome_name: 'agent_linking',
  fn_name: 'create_direct_link',
  payload: {
    other_agent: decodeHashFromBase64(result.payload.vaultAgentPubKey),
    other_signature: base64ToSignature(result.payload.vaultSignature),
  },
});

Desktop Tauri Apps - Vault Identity

Manage Flowsta Vault identity in Tauri desktop apps:

typescript
import { FlowstaVaultAuth } from '@flowsta/auth-tauri';

const vault = new FlowstaVaultAuth();

const status = await vault.getStatus();
if (status.unlocked) {
  const identity = await vault.getIdentity();
  console.log('DID:', identity.did);
  console.log('Agent key:', identity.agentPubKey);
}

Why Flowsta Auth?

Traditional authentication services store user data in centralized databases - single points of failure vulnerable to breaches, censorship, and vendor lock-in.

Flowsta Auth is different:

  • Zero-Knowledge Privacy - Flowsta staff physically cannot access user private data
  • W3C DIDs - Every user gets a standards-compliant Decentralized Identifier
  • User-Owned Data - Users control their own encryption keys, not us
  • No Client Secrets - PKCE provides security for browser and mobile apps
  • Always Available - Distributed Holochain network means no single point of failure
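
The PKCE point above relies on the standard RFC 7636 exchange, sketched here as an added example that is not Flowsta SDK code. The function names are hypothetical, and the S256 challenge method is an assumption, since this page does not say which method Flowsta uses.

```typescript
import { createHash, randomBytes, timingSafeEqual } from 'node:crypto';

// RFC 7636 section 4.1: the verifier is 43-128 characters from the
// unreserved set [A-Z] [a-z] [0-9] "-" "." "_" "~".
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// Client side: 32 random bytes become a 43-character base64url verifier.
// It stays in the client until the callback and is never put in the redirect.
function createVerifier(): string {
  return randomBytes(32).toString('base64url');
}

// Client side: the S256 challenge that accompanies the authorization request.
function challengeFor(verifier: string): string {
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Server side (token endpoint): recompute the challenge from the verifier
// presented with the authorization code and compare it with the stored one.
function verifyPkce(verifier: string, storedChallenge: string): boolean {
  if (!VERIFIER_RE.test(verifier)) return false; // malformed or too short
  const a = Buffer.from(challengeFor(verifier));
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && timingSafeEqual(a, b);
}

// Constructed walk-through of one login: the client that started the flow
// can redeem the code, a party holding only the code cannot.
function demo(): { honest: boolean; codeOnly: boolean } {
  const verifier = createVerifier();
  const challenge = challengeFor(verifier); // stored by the server with the code
  const unrelatedVerifier = createVerifier(); // code holder never saw `verifier`
  return {
    honest: verifyPkce(verifier, challenge),
    codeOnly: verifyPkce(unrelatedVerifier, challenge),
  };
}
```

Because the verifier is generated per login and never leaves the client until the token request, no long-lived secret has to ship inside a browser or mobile bundle.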

Documentation licensed under CC BY-SA 4.0.