Auth (Overview)
Last Updated: 2026-06-28
Authentication across the platform is provided by Kinde.
Where it lives
libs/auth(@rocket-club/auth) — the shared Kinde wrapper consumed by the web and admin apps.apps/docs— currently keeps its own Kinde OTP login flow (under the(auth)route group) rather than depending onlibs/auth.
Direction
Consolidating all three apps onto libs/auth is planned follow-up work. The
web and admin apps already share the library; the docs app's OTP flow will be
folded in later. Removing the Backstage portal also dropped a third, separate
Kinde configuration, shrinking the auth surface.
ALB / OIDC
In production, the AWS Application Load Balancer terminates TLS and performs OIDC authentication with Kinde for the services it fronts (see Security, IAM & Secrets).