Auth (Overview)

Last Updated: 2026-06-28

Authentication across the platform is provided by Kinde.

Where it lives

  • libs/auth (@rocket-club/auth) — the shared Kinde wrapper consumed by the web and admin apps.
  • apps/docs — currently keeps its own Kinde OTP login flow (under the (auth) route group) rather than depending on libs/auth.

Direction

Consolidating all three apps onto libs/auth is planned follow-up work. The web and admin apps already share the library; the docs app's OTP flow will be folded in later. Removing the Backstage portal also dropped a third, separate Kinde configuration, shrinking the auth surface.

ALB / OIDC

In production, the AWS Application Load Balancer terminates TLS and performs OIDC authentication with Kinde for the services it fronts (see Security, IAM & Secrets).