Sigma Auth
Introduction

Sigma Auth is the reference Bitcoin Identity Authentication Server - an OAuth 2.0/OIDC issuer built on Better Auth that replaces traditional passwords with Bitcoin cryptographic signatures. It runs as a Cloudflare Worker with a static Next.js frontend for maximum performance and reliability.

Features

  • No Passwords: Uses Bitcoin keypairs for authentication
  • OAuth 2.0 Compliant: Full OAuth 2.0 implementation with PKCE support
  • Cross-Device Backup: Link OAuth accounts to restore encrypted backups across devices
  • JWT Tokens: Secure token generation with configurable expiration
  • Global Edge: Runs on Cloudflare Workers for low latency worldwide

Built on Better Auth

Sigma Auth extends the Better Auth framework with a custom Bitcoin authentication plugin, inheriting all of Better Auth's benefits:

  • Type-Safe: Full TypeScript support with automatic type inference
  • Plugin Architecture: Extensible through custom plugins like our sigma plugin
  • Modern: Built for modern web applications with React Query integration
  • Self-Hosted: Runs on your own infrastructure

Key Benefits

🔐 Zero Server Secrets
No passwords or private keys are ever stored on servers. Users control their own Bitcoin keypairs, eliminating the risk of credential theft.

⚡ Lightning Fast
Global edge deployment on Cloudflare ensures sub-100ms response times worldwide.

🔄 OAuth 2.0 Compatible
Drop-in replacement for existing OAuth providers. Works with any OAuth 2.0 compatible system.

💰 Free to Self-Host
MIT licensed for unlimited self-hosted usage. Hosted service includes 5,000 MAUs free with optional Pro plan for scaling.

How It Works

  1. User generates or imports a Bitcoin keypair (standard secp256k1)
  2. Client creates a cryptographic signature of the authentication request
  3. Server verifies the signature using the public key
  4. Valid signature proves identity ownership without revealing private keys

Architecture

  • Cloudflare Worker: OAuth 2.0 server built with Better Auth framework
  • Next.js Client: Static frontend for authentication UI
  • Sigma Plugin: Custom Better Auth plugin for Bitcoin signatures
  • KV Storage: Sessions, OAuth states, and encrypted backups

Ready to Start?

Choose your integration path: