Introduction
Two months ago I quit my retail job to go full indie.
Then my laptop died.
Since then, I’ve been building create-authenik8-app entirely on my phone, and it just crossed 177 runs with a new daily record of 51 yesterday.
The idea was simple: I was tired of starting every new backend project by copy-pasting the same JWT + refresh token + Redis + RBAC code… and often getting parts of the security wrong.
So I built a CLI that does it correctly from day one.
npx create-authenik8-app my-app
30 seconds later you have a production-ready Express + TypeScript backend with secure authentication already solved.
The Problem Most Developers Face
Every backend needs authentication. Yet most of us waste days (sometimes weeks) on:
- Setting up secure JWT access + refresh tokens with proper rotation
- Implementing replay protection and secure token storage (usually in Redis)
- Handling OAuth account linking without creating duplicate users
- Adding RBAC middleware that actually works
- Wiring up production concerns (rate limiting, Helmet, PM2, memory guards, etc.)
Even with Passport.js or Lucia, you still end up gluing everything together and hoping you didn’t introduce subtle security flaws.
I wanted something better.
The Solution: create-authenik8-app
create-authenik8-app is not another auth library.
It’s a focused auth system generator that scaffolds a clean, opinionated, production-ready starter.
What you get instantly:
✅ JWT (access + refresh tokens) with secure rotation and JTI replay protection
✅ Redis-backed stateful sessions
✅ Built-in RBAC middleware (auth.requireAdmin, etc.)
✅ Google & GitHub OAuth handled intelligently
✅ Prisma support (optional)
✅ Clean scalable folder structure + TypeScript
✅ Auto-generated .env with secure defaults
✅ Production extras (PM2 cluster mode, Helmet, rate limiting, memory guards)
The Identity Engine: The Real Differentiator
At the core is the Authenik8 Identity Engine (inside authenik8-core).
Instead of treating auth as separate login flows, it treats authentication as an identity resolution problem.
It intelligently:
- Unifies credentials (email/password) and OAuth providers
- Prevents duplicate identities
- Handles smart account linking
- Normalizes provider profiles into your app’s schema
- Applies consistent security rules across all methods
This design makes the whole system cleaner, more secure, and much easier to extend (MFA, WebAuthn, etc. are coming).
See Exactly What You Get
I published a real generated example so you can inspect the output without running anything:
create-authenik8-app-example
You’ll see clean code, proper middleware usage, and how the Identity Engine is integrated.
Security & Trust
I know the biggest concern many developers have: “It has a closed-source core, why should I trust it?”
Valid point. Auth is critical.
Here’s my stance:
The CLI is 100% open source, so you can see exactly how everything is wired.
The Identity Engine is closed-source by design (common in security tooling) to protect sensitive implementation details like exact replay protection and token lifecycle logic.
Everything generated is fully inspectable and uses battle-tested patterns.
I added full CI on every push/PR with a live status badge.
I’m actively working on more transparency: detailed threat model, SECURITY.md, and future third-party audit.
My goal is to give solo devs and small teams a much better starting point than copy-paste boilerplate, while being honest about the trade-offs.
My Journey So Far
Building this on a phone has been chaotic but rewarding.
Every time someone runs the CLI, I get a little notification and it keeps me motivated. The growth has been surprising, from 0 to 177 runs in under two weeks, with strong spikes after sharing updates.
I’m iterating daily based on feedback (thank you to everyone who’s commented!).
Who Is This For?
- Solo developers and indie hackers
- Small teams that want to ship fast
- Anyone tired of repeating the same auth setup on every project
If you’re building something real and want auth done correctly without the usual headache, give it a spin.
Try It Now
npx create-authenik8-app my-app
cd my-app
redis-server --daemonize yes
npm run dev
Repo: https://github.com/COD434/create-authenik8-app
Example output: https://github.com/COD434/create-authenik8-app-example
npm: create-authenik8-app
If it saves you time, a star would mean a lot to this phone-built project ⭐
I’d love your honest feedback: what’s missing? What should I improve next?