Authentication

Flux Auth handles the full authentication lifecycle for your app — user sign-up, sign-in, session management, and MFA — with no custom identity infrastructure required.

Consumer Auth

Flux supports email/password, social login (Google, GitHub, Microsoft), and passwordless (magic link, passkey) out of the box. Each method is enabled per-project from the Auth settings.

Initialize auth and verify a session

Rust

use flux_sdk::Flux;

let flux = Flux::init("your-api-key");

// Verify an inbound session token (e.g. from a request header)
let user = flux.auth().verify_session(&token)?;

println!("Authenticated: {} ({})", user.email, user.id);

Python

import flux

flux.init("your-api-key")

user = flux.auth.verify_session(token)
print(f"Authenticated: {user.email} ({user.id})")

Node.js

import Flux from '@flux/sdk';

const flux = Flux.init('your-api-key');

const user = await flux.auth.verifySession(token);
console.log(`Authenticated: ${user.email} (${user.id})`);

Multi-Factor Authentication

MFA can be required globally, per organization, or per user. Flux supports TOTP (authenticator apps) and SMS.

Enable MFA enforcement from the Auth settings page, or enforce it programmatically when an organization is created (see Organizations).

To check whether the current session satisfies MFA:

let session = flux.auth().get_session(&token)?;

if !session.mfa_verified {
    // Redirect to MFA challenge
}
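
The MFA check above, worked into a fail-closed request gate that also parses the inbound header. This is an added example, not Flux SDK code: `Outcome`, `bearer_token`, `authorize`, `fake_get_session`, the sample tokens and the local `Session` struct are hypothetical, and the `get_session` argument stands in for `flux.auth().get_session(&token)` so the block runs offline.

```rust
#[derive(Debug, PartialEq)]
pub enum Outcome {
    Allow,
    MfaChallenge, // valid session, MFA still outstanding
    Unauthorized, // missing, malformed, expired or revoked token
}

// Local stand-in: mirrors only the `mfa_verified` field shown above.
pub struct Session { pub mfa_verified: bool }

/// Strictly parse an `Authorization: Bearer <token>` header value.
pub fn bearer_token(header: Option<&str>) -> Option<&str> {
    let (scheme, rest) = header?.trim().split_once(' ')?;
    let token = rest.trim_start();
    let ok = scheme.eq_ignore_ascii_case("Bearer")
        && !token.is_empty()
        && !token.chars().any(char::is_whitespace);
    if ok { Some(token) } else { None }
}

/// `get_session` stands in for `flux.auth().get_session(&token)` (assumption).
/// Every lookup error fails closed to `Unauthorized`.
pub fn authorize<E, F>(header: Option<&str>, mfa_required: bool, get_session: F) -> Outcome
where
    F: Fn(&str) -> Result<Session, E>,
{
    let token = match bearer_token(header) {
        Some(t) => t,
        None => return Outcome::Unauthorized,
    };
    match get_session(token) {
        Err(_) => Outcome::Unauthorized,
        Ok(s) if mfa_required && !s.mfa_verified => Outcome::MfaChallenge,
        Ok(_) => Outcome::Allow,
    }
}

/// Constructed stand-in for the SDK lookup so the example runs offline.
pub fn fake_get_session(token: &str) -> Result<Session, &'static str> {
    match token {
        "tok-mfa" => Ok(Session { mfa_verified: true }),
        "tok-password-only" => Ok(Session { mfa_verified: false }),
        _ => Err("invalid or revoked session"),
    }
}

fn main() {
    println!("{:?}", authorize(Some("Bearer tok-password-only"), true, fake_get_session));
}
```

Map `MfaChallenge` to the redirect in the snippet above and `Unauthorized` to a fresh sign-in, so a failed lookup never falls through to `Allow`.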

Session Management

Sessions are JWT-based with a configurable expiry (default 7 days). Flux handles token rotation automatically — your app receives a refreshed token on each verified request.

To explicitly invalidate a session (e.g. on sign-out):

flux.auth().revoke_session(&token)?;

To revoke all sessions for a user (e.g. on password reset or account compromise):

flux.auth().revoke_all_sessions(&user.id)?;

Enterprise SSO

SAML 2.0 and OIDC providers are supported for enterprise customers. SSO connections are scoped to an organization — each org can have its own identity provider.

Set up SSO from the Auth settings page by providing the IdP metadata URL or manual SAML configuration. No code changes are required; Flux routes SSO users into the correct organization automatically.

Next Steps