Close Menu
    Check BMI
    Technology

    Show HN: Tesseral – Open-Source Auth

    TechAiVerseBy No Comments5 Mins Read1 Views
    Show HN: Tesseral – Open-Source Auth

    Show HN: Tesseral – Open-Source Auth

    Tesseral

    Tesseral is open source auth infrastructure for business software (i.e., B2B
    SaaS).

    Tesseral is a multi-tenant, API-first service designed to run on the cloud. It
    is not an authentication library tied to a particular language or framework;
    Tesseral works with any tech stack.

    Most developers should start by using Tesseral’s managed service, available at
    console.tesseral.com. You can also self-host
    Tesseral    .

    Key Features

    Tesseral bundles everything that a developer needs to manage users in business software.
    Hosted, customizable login pages

    Prebuilt UIs, customizable to your brand. Add and remove login methods with just a few clicks in the Tesseral Console.
    B2B multitenancy

    Tesseral is built for B2B SaaS. Your customer’s admins control how their users log in to their tenant, and can add or remove users at will.
    User impersonation

    See exactly what your users see. Debug and support faster by logging in as your users.
    Self-service config for your customers

    Pre-built settings pages where your customers can invite coworkers, edit their login settings, and everything else they need.
    Magic Links

    Add “Log in with Email” support using magic links, without writing any code.
    Social Login

    Add Log in with Google, Log in with GitHub, and Log in with Microsoft support without writing any code.
    SAML (Enterprise Single Sign-On)

    Add SAML support to your product without writing any code.
    SCIM (Enterprise Directory Sync)

    Add SCIM support to your product without writing any code.
    Role-based access control (RBAC)

    Add fine-grained permissions to your product. The UI’s done for you, just plug in hasPermission calls wherever you need them.
    Multi-factor authentication (MFA)

    Add 2FA to your product without writing any code. Your customers can choose to require MFA for their users if they wish.
    Passkeys / WebAuthn

    Add “Log in with Passkey” support to your product without writing any code. Supports all passkey platforms, including Touch ID, Yubikeys, and more.
    Authenticator apps (TOTPs)

    Add time-based one-time-password (TOTP) support to your product without writing any code.
    API key management

    Not just user authentication. If you want your customers to call your endpoints automatically, give them API keys. UIs, permissions, and authentication checks all come pre-built.
    User invitations

    Your users can invite their coworkers, or you can invite them yourself from the Tesseral Console.
    Webhooks

    Live-sync data from Tesseral into your database with realtime webhook delivery.

    Get Started

    Read the documentation

    We encourage all developers to read the full documentation first, which is
    available at tesseral.com/docs. This README provides only a very brief subset of
    the docs to illustrate some basic ideas.

    SDKs

    Tesseral currently offers several SDKs for common web development frameworks.

    More SDKs, in particular Next.js, are in active development. If you do not see
    your preferred framework listed here, please get in touch with
    support@tesseral.com; we may be able to give you early access.

    Sign up

    For Tesseral’s managed service, you will first need to create an account at
    https://console.tesseral.com.

    You will need to create a Project and generate a Publishable Key. Publishable
    Keys always look like this: publishable_key_....

    Integrate your frontend

    To integrate Tesseral into your app, you’ll first need to integrate your
    frontend. This example uses the Tesseral React
    SDK    .

    Install the SDK like this:

    npm install @tesseral/tesseral-react

    Then, using your Publishable Key (starts with publishable_key_...), wrap your
    React app in the component:




    )”>

    import { createRoot } from "react-dom/client"
import { TesseralProvider } from "@tesseral/tesseral-react";
import App from "./App.tsx"

const root = createRoot(document.getElementById("root")) 
root.render(
  // use your Project's Publishable Key here
  <TesseralProvider publishableKey="publishable_key_...">
    <App />
  TesseralProvider>
)

    The will handle a variety of auth-related tasks for you,
    including:

    • Redirecting unauthenticated users to the login page (“login gating”)
    • Refreshing users’ access tokens in the background when they’re close to
      expiring
    • Automatically including access tokens in requests from your frontend
      to your backend

    Integrate your backend

    Once you have your frontend integrated with Tesseral, you’ll then need to
    integrate your backend.

    Tesseral works with any backend or framework. SDKs are available for the
    following:

    Your app might look something like this example, using the Flask
    SDK    :

    from flask import Flask
from tesseral_flask import access_token_claims, require_auth


app = Flask(__name__)

# use the same Publishable Key you used for your frontend
app.before_request(require_auth(publishable_key="publishable_key_..."))


@app.route("/api/hello", methods=["GET"])
def hello():
    # get the user's email from the current request
    # Tesseral ensures that user emails are always verified
    email = access_token_claims().user.email
    return ("hello, " + email)


if __name__ == "__main__":
    app.run(debug=True, port=5050)

    Tesseral’s
    require_auth()
    middleware (or its equivalent in your framework’s SDK) validates access tokens
    for you, and only authenticated requests will go through to your endpoint
    handlers. A client can successfully GET /api/hello if and only if it has a
    valid Tesseral access token.

    You can extract out details about the requester using:

    Or their equivalent in your framework’s SDK.

    Once you have your backend integrated, you have implemented Tesseral!

    License

    MIT.

    Contributing

    We welcome outside contributions!

    Please be aware, however, that auth software is complex and extremely delicate.
    We are very cautious with the changes that we merge. We recommend you first open
    a GitHub issue outlining any proposed changes.

    Security

    Please immediately report any potential vulnerabilities to
    security@tesseral.com. We will get back to you over email.

    Please do not open GitHub issues for any security-related concerns.

    Community

    We love enterprise software and the people building it.

    Please join our community and stay up to date on new releases, events, and other
    Tesseral news by following us on
    LinkedIn and on X
    (Twitter)    . You can also check out our
    newsletter and our
    blog.

    You should also feel welcome to get in touch at founders@tesseral.com with
    questions.

    Who we are

    This is commercial open source software managed by Tesseral, a startup based in
    San Francisco. We previously built
    SSOReady, an open source middleware for
    SAML SSO and SCIM provisioning.

    Primary technical responsibility for Tesseral belongs to Ulysse
    Carion    , cofounder and CTO at Tesseral, and to Tesseral’s
    technical staff: Blake Williams and Dillon
    Nys    .

    Share.

    Jonathan is a tech enthusiast and the mind behind Tech AI Verse. With a passion for artificial intelligence, consumer tech, and emerging innovations, he deliver clear, insightful content to keep readers informed. From cutting-edge gadgets to AI advancements and cryptocurrency trends, Jonathan breaks down complex topics to make technology accessible to all.

    Related Posts

    Leave A Reply