Overview
What is AuthPool
AuthPool is a plug-and-play Node.js authentication server. Call one function and you get Google OAuth, email/password login, JWT tokens, refresh rotation, CSRF protection, rate limiting, brute-force lockout, and RBAC — all production-ready.
How it works
Authentication is one of the most security-critical and tedious parts of any application. AuthPool solves it once: install the package, provide three environment variables, call startAuthServer(), and you have a complete auth backend. Every security layer is on by default — no configuration required to be production-safe.
Steps
- 1. npm install authpool
- 2. Create a .env file with MONGO_URI, JWT_SECRET, and SESSION_SECRET.
- 3. Call startAuthServer() in your server entry point.
- 4. Your server is live at http://localhost:5000 with all routes registered.
- 5. Use /auth/google for OAuth, or POST /auth/register for email/password.
- 6. Attach the returned accessToken as Authorization: Bearer <token> on protected routes.
- 7. Call POST /auth/refresh when the token expires — the httpOnly cookie handles it automatically.
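Steps 6 and 7 seen from the client side, as an added example that is not AuthPool's own code: a fetch wrapper that attaches the bearer token and, on a 401, calls POST /auth/refresh once (shared across concurrent requests, so the same refresh cookie is not presented twice under rotation) and retries. The 401-on-expiry behaviour, the { accessToken } refresh response body, and the names createAuthClient, request and setAccessToken are assumptions.

```javascript
// Added example, not AuthPool code. Assumptions: protected routes answer 401
// when the access token has expired, and POST /auth/refresh returns JSON
// { accessToken }. Only the route path and the Bearer header come from the page.
function createAuthClient(baseUrl, fetchImpl = globalThis.fetch) {
  let accessToken = null; // held in memory only, never written to localStorage
  let refreshing = null;  // shared promise: at most one refresh in flight

  function refresh() {
    if (!refreshing) {
      refreshing = fetchImpl(`${baseUrl}/auth/refresh`, {
        method: 'POST',
        credentials: 'include', // lets the browser send the httpOnly refresh cookie
      })
        .then(async (res) => {
          if (!res.ok) throw new Error(`refresh failed: ${res.status}`);
          accessToken = (await res.json()).accessToken;
          return accessToken;
        })
        .finally(() => { refreshing = null; });
    }
    return refreshing; // concurrent callers wait on the same request
  }

  async function request(path, init = {}) {
    const send = () => fetchImpl(`${baseUrl}${path}`, {
      ...init,
      headers: {
        ...init.headers,
        ...(accessToken && { Authorization: `Bearer ${accessToken}` }),
      },
    });
    let res = await send();
    if (res.status === 401) { // expired or missing token: refresh once, retry once
      await refresh();
      res = await send();
    }
    return res;
  }

  // Call setAccessToken with the accessToken returned by login or register.
  return { request, setAccessToken: (t) => { accessToken = t; } };
}
```

If the refresh itself fails, request() rejects and the application should send the user back through login.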
Key features
Why it matters
Most teams spend days wiring Passport, JWT, CSRF, sessions, and refresh tokens together — and still get something wrong. AuthPool is the result of solving all of those problems once, correctly.