SDK v0.9.3 — Embedded Auth GA

Start building in 5 minutes

Auth for users, services & AI agents. OAuth redirect or Clerk-style embedded components — your choice. White-labeled, fully customizable.

Quick Start API Reference

auth.ts

1import { createZewstIDAuth } from '@zewstid/nextjs';
2
3export const { handlers, auth, signIn, signOut } =
4  createZewstIDAuth({
5    domain: 'auth.zewstid.com',
6    clientId: process.env.ZEWSTID_CLIENT_ID!,
7    clientSecret: process.env.ZEWSTID_CLIENT_SECRET!,
8  });

Official SDKs

First-class libraries for every stack.

Next.js

v0.9.3

App Router + NextAuth integration, embedded components, server actions.

TypeScript

React Native

v0.3.0

New

OAuth + push auth for iOS and Android with secure token storage.

TypeScript

React

v0.1.3

Hooks and components for SPAs with PKCE OAuth flow.

TypeScript

Node.js

v0.2.0

Backend token validation, M2M auth, and webhook verification.

TypeScript

npm install @zewstid/nextjs

Two Ways to Integrate

Choose the approach that fits your app.

OAuth Redirect

Recommended for most apps

Redirect users to auth.zewstid.com. ZewstID handles the login page, MFA, and session management. Your app gets tokens via NextAuth.

route.ts

1// app/api/auth/[...nextauth]/route.ts
2import { handlers } from '@/auth';
3
4export const { GET, POST } = handlers;

OAuth integration guide

Embedded Components

Clerk-style inline auth

Drop-in sign-in form, popup, or user button directly in your UI. Supports password, OTP, and magic-link methods.

1// app/login/page.tsx
2import { EmbeddedSignIn } from '@zewstid/nextjs';
3
4export default function LoginPage() {
5  return (
6    <EmbeddedSignIn
7      clientId="your-client-id"
8      domain="auth.zewstid.com"
9      methods={['password', 'otp', 'magic-link']}
10    />
11  );
12}

Embedded sign-in guide

Platform Capabilities

Everything you need to ship secure auth.

Authentication

12 methods including OAuth, passwords, magic links, OTP, WebAuthn, and social providers (Google, GitHub, Microsoft, Apple).

Machine-to-Machine

Client credentials grant for service-to-service communication. Scoped tokens, automatic rotation, and audit logging.

AI Agent Auth

First-class support for authenticating autonomous agents. Delegated access tokens and A2A protocol integration.

Webhooks

Real-time auth event notifications. User registration, login, MFA, and session events delivered to your endpoint.

Multi-Factor Auth

TOTP, push authentication, WebAuthn/passkeys, and email OTP. Configurable per-client enforcement policies.

Organization Management

Multi-tenant support with SSO (SAML/OIDC), SCIM provisioning, custom branding, and domain verification.

API at a Glance

Key endpoints on auth.zewstid.com/realms/zewstid and api.zewstid.com

Method	Endpoint	Description
GET	/.well-known/openid-configuration	OIDC discovery document
POST	/protocol/openid-connect/token	Exchange code for tokens
GET	/protocol/openid-connect/certs	JWKS public keys (RS256)
POST	/api/v1/embedded/auth/check-email	Embedded auth — detect user
POST	/api/v1/embedded/auth/code/exchange	Embedded auth — code → tokens
POST	/api/v1/agents/token	Machine-to-machine token (client_credentials)

Full API Reference

Latest Updates

What's new on the platform.

SDKFeb 2026

v0.9.3 — Embedded Sign-In GA

EmbeddedSignIn, PopupSignIn, UserButton components — Clerk-style inline auth.

MobileFeb 2026

v0.3.0 — React Native Push Auth

Okta Verify-style push authentication for mobile apps.

APIFeb 2026

Phase 19 — 7 Embedded Auth Endpoints

Password, OTP, magic-link flows with PKCE and origin validation.

InfraJan 2026

Phase 18 — Custom Identity Provider

9 SPIs baked into a single Docker image. No more JAR mounting.

View full changelog