Authio Lobby
Authio Lobby
Drop-in passwordless authentication. Hosted UI, four SDKs, four sign-in methods, sessions, embeddable IT-admin widgets — all under one named module.
Lobby is the auth front door. If you ship a product that needs sign-in, this is the bundle you integrate first. WorkOS calls theirs AuthKit; we call ours Lobby — the per-feature shape is similar, our defaults are different (passwordless-first, multi-org-first).
See the marketing landing page at authio.com/products/lobby for the buyer-facing pitch. This page is the docs hub — everything below is a link into a deeper page.
Get started
- Quickstart — 5-minute integration with
@authio/nextjs; mirrors for@authio/react(Vite),@authio/vue, and@authio/node. - create-authio-app — scaffold a new project that ships Lobby pre-wired.
Sign-in methods
- Methods overview — what to pick and when. Every link below is one of the four supported sign-in surfaces inside Lobby.
- Passkeys, Magic Auth, and Social
- SSO Setup Portal — your customer's IT team self-serves their IdP.
Sessions
- Sessions overview — how Lobby's session helpers work end-to-end.
- Sessions and JWT/JWKS — the JWT shape and the JWKS rotation contract.
- Session lifecycle and timeouts
User profiles
- User profiles — what Lobby collects at sign-in vs what your app should ask for after (name, phone, metadata, SSO, webhooks).
Branding
- Branding (P1-A placeholder) — coming with the parallel P1-A Branding editor worker.
- Custom domains — shipped today; per-org logo + colors arrive with P1-A.
Embedded widgets
- Widgets overview (Lobby-specific)
- Widgets — full reference
- SSO Connection widget
- Directory Sync widget
- Widget tokens
- Widget security model
Customizing Lobby
- Customizing overview — custom domains, custom claims, organization policies in one place.
- Custom domains
- Custom domain setup wizard
What's NOT inside Lobby
Some surfaces sit outside Lobby on purpose. They are peer modules under the same product taxonomy:
- Connect — OAuth / OpenID provider, DCR, CIMD, MCP. See DCR, CIMD.
- Authorization — Roles, Permissions, FGA. Lobby ships with basic role assignment built in; the standalone Authorization module is the upsell. See Roles & Permissions and FGA.
- Actions — synchronous webhook hooks across auth events. See Actions.
- Compliance — controls / DSRs / access reviews. See Compliance.
- Migrate — importers from 8 other vendors. See Migrate.