Modern Authentication for Web3 Applications

Bitcoin-based authentication with zero server secrets. Your keys, your identity.

How It Works

Simple, secure authentication in three steps

Create Identity

Generate your cryptographic identity locally in your browser

Sign Challenge

Prove ownership by signing a cryptographic challenge

Access Granted

Receive a secure session token for authenticated access

Cross-Device Sync

Backup and restore your identity across all your devices with encrypted cloud sync

Universal Compatibility

Works with any OAuth 2.0 compatible application or service

Access Control

Verify on-chain ownership and token holdings with cryptographic proof

NFT Ownership

Gate access based on NFT ownership with on-chain verification

Membership NFTs & exclusive content
Monthly/annual subscription ordinals
On-chain certificates & credentials
1Sat Ordinals verification (BSV)

Coming Soon

Verify ownership of NFTs and ordinals across multiple chains with zero-trust cryptographic proof.

Token Thresholds

Create tiered access levels based on token holdings

Gold/Diamond/Platinum VIP tiers
Governance voting weight verification
Loyalty & rewards program levels
Staking & delegation requirements

Coming Soon

Verify token balances and automatically grant access based on configurable thresholds.

Real-World Use Cases

NFT Membership Sites

Gate premium content with NFT ownership. Mint monthly access passes as ordinals on BSV.

Premium Content, Exclusive Communities

Tiered Rewards Programs

Create Gold/Platinum tiers based on token holdings. Automatically adjust perks as balances change.

Loyalty Programs, VIP Access

DAO & Governance

Weight voting power by token holdings. Verify proposal access with governance NFTs.

Community Voting, Proposal Access

Token-Based Subscriptions

Sell monthly/annual subscriptions as NFTs. Users pre-pay by purchasing the current period's token.

SaaS, Digital Services

Optional Cloud Backup

Users can enable encrypted cloud backup for ultimate convenience

Cross-Device Sign In

Users who enable cloud backup can sign in from any device, even if it doesn't have their keys. It works by securely storing an encrypted copy of their private keys.

1. User Creates Backup

Keys are encrypted with the user's password and stored on our servers. We never see the unencrypted keys.

2. Link OAuth Providers (Optional)

Users can link their GitHub or Google account to their backup for easy recovery.

3. Sign In From Any Device

User clicks "Sign in with GitHub" → System finds their backup → Prompts for password → Decrypts keys locally → Access granted.

Security & Privacy

  • Password never leaves the user's device
  • Encryption/decryption happens locally in browser
  • Server only stores encrypted blob - cannot decrypt
  • Completely optional - users decide per-account

Cross-Device Freedom

Sign in from phone, tablet, or any computer without transferring keys manually

Zero-Knowledge

Your password is the encryption key. We can't access your keys even if we wanted to

User Choice

Every user decides for themselves. Apps work perfectly either way

Why Choose Sigma Auth?

The most secure, open, and cost-effective authentication solution

Universal

Deploy as a standalone service or embed into existing applications. Works with any framework or platform.

Self-hosted

Runs entirely on your infrastructure. Deploy on Node.js, Bun, AWS Lambda, or Cloudflare Workers.

Standards-based

Implements OAuth 2.0 spec and web standards. Any OAuth client can use it.

Access Control

Verify NFT ownership and token holdings with on-chain cryptographic proof.

Cross Device Restore

Restore your identity across all your devices with just your password.

Backup File Import

Handles all backup file formats. Import your backup file to sign in.

On-Chain Profiles

Supports BAP profiles automatically when you sign in with associated keys.

For Developers

Use our public OAuth 2.0 API, or host your own

Quick Start

1. Redirect to authorization endpoint

Point users to /login with your client_id and redirect_uri

2. User completes Bitcoin authentication

Users sign with their Bitcoin keys or restore from backup; the service then returns an authorization code

3. Exchange code for JWT access token

POST to /token endpoint with authorization code

4. Use token for authenticated API calls

Include Bearer token in Authorization header
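
The four Quick Start steps from the client's side, as an added example that is not Sigma Auth's own code. The host, client_id and redirect URI are placeholders, and the response_type, state, grant_type and code parameter names are assumed from the standard OAuth 2.0 authorization code flow rather than taken from this page.

```javascript
// Added example. Placeholders: ISSUER, CLIENT_ID, REDIRECT_URI.
// Assumption: parameters other than client_id and redirect_uri follow RFC 6749.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const ISSUER = "https://auth.example.invalid";
const CLIENT_ID = "example-client";
const REDIRECT_URI = "https://app.example.invalid/callback";

// Step 1: build the /login redirect with a fresh, unguessable state value.
// Keep `state` in the user's session so the callback can be checked against it.
function buildLoginUrl() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  const state = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  const url = new URL("/login", ISSUER);
  url.search = new URLSearchParams({
    response_type: "code", client_id: CLIENT_ID, redirect_uri: REDIRECT_URI, state,
  }).toString();
  return { url: url.toString(), state };
}

// Step 2, return leg: accept the code only when state matches the one issued,
// so a callback forged by another site cannot bind its code to this session.
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) throw new Error("authorization failed: " + params.get("error"));
  if (!expectedState || params.get("state") !== expectedState) throw new Error("state mismatch");
  const code = params.get("code");
  if (!code) throw new Error("missing code");
  return code;
}

// Step 3: the POST /token request (server side), ready to pass to fetch(url, init).
function tokenRequest(code) {
  const body = new URLSearchParams({
    grant_type: "authorization_code", code, client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
  });
  return {
    url: new URL("/token", ISSUER).toString(),
    init: { method: "POST", headers: { "Content-Type": "application/x-www-form-urlencoded" }, body: body.toString() },
  };
}

// Step 4: call /userinfo with the access token as a Bearer credential.
function userinfoRequest(accessToken) {
  return {
    url: new URL("/userinfo", ISSUER).toString(),
    init: { headers: { Authorization: `Bearer ${accessToken}` } },
  };
}
```

Each request helper returns a `{ url, init }` pair for `fetch(url, init)`; keep the JWT returned by /token on the server or in memory rather than in a URL or log line.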

API Endpoints

OAuth 2.0 Core

GET /login
POST /token
GET /userinfo

Authentication

POST /login (Bitcoin)
GET /google/callback (Google)
GET /github/callback (GitHub)

Backup & Restore

GET /backup
POST /backup
GET /backup/status
GET /backup/oauth
POST /backup/link-oauth

Access Control (Coming Soon)

POST /verify/nft
POST /verify/threshold
GET /collections
POST /keys/register