Sigma Auth is the reference Bitcoin Identity Authentication Server - an OAuth 2.0/OIDC issuer built on Better Auth that replaces traditional passwords with Bitcoin cryptographic signatures. It runs as a Cloudflare Worker with a static Next.js frontend for maximum performance and reliability.
Features
- No Passwords: Uses Bitcoin keypairs for authentication
- OAuth 2.0 Compliant: Full OAuth 2.0 implementation with PKCE support
- Cross-Device Backup: Link OAuth accounts to restore encrypted backups across devices
- JWT Tokens: Secure token generation with configurable expiration
- Global Edge: Runs on Cloudflare Workers for low latency worldwide
Built on Better Auth
Sigma Auth extends the Better Auth framework with a custom Bitcoin authentication plugin, inheriting all of Better Auth's benefits:
- Type-Safe: Full TypeScript support with automatic type inference
- Plugin Architecture: Extensible through custom plugins like our sigma plugin
- Modern: Built for modern web applications with React Query integration
- Self-Hosted: Runs on your own infrastructure
Key Benefits
🔐 Zero Server Secrets
No passwords or private keys are ever stored on servers. Users control their own Bitcoin keypairs, eliminating the risk of credential theft.
⚡ Lightning Fast
Global edge deployment on Cloudflare ensures sub-100ms response times worldwide.
🔄 OAuth 2.0 Compatible
Drop-in replacement for existing OAuth providers. Works with any OAuth 2.0 compatible system.
💰 Free to Self-Host
MIT licensed for unlimited self-hosted usage. Hosted service includes 5,000 MAUs free with optional Pro plan for scaling.
How It Works
- User generates or imports a Bitcoin keypair (standard secp256k1)
- Client creates a cryptographic signature of the authentication request
- Server verifies the signature using the public key
- Valid signature proves identity ownership without revealing private keys
Architecture
- Cloudflare Worker: OAuth 2.0 server built with Better Auth framework
- Next.js Client: Static frontend for authentication UI
- Sigma Plugin: Custom Better Auth plugin for Bitcoin signatures
- KV Storage: Sessions, OAuth states, and encrypted backups
Ready to Start?
Choose your integration path:
- Quick Start - Get up and running in minutes
- Integration Guide - Detailed implementation steps
- API Reference - Complete endpoint documentation