finds.dev← search

// the find

netlify/gotrue

★ 4,438 · Go · MIT · updated Jul 2026

An JWT based API for managing users and issuing JWT tokens.

GoTrue is Netlify's auth microservice — email/password signup, JWT issuance, OAuth2 social login (GitHub, Google, GitLab, Bitbucket), and password recovery, all in one small Go binary. It's the direct ancestor of Supabase Auth (which forked and extended it heavily). If you want a self-hosted auth service that isn't Auth0, this is a reasonable starting point.

The webhook system is genuinely useful: validate, signup, login, userdeleted, and usermodified events with JWS-signed payloads let you hook into the auth lifecycle without modifying the service. The multi-instance mode with operator tokens is a real design — Netlify actually runs this across thousands of customer sites from one binary. Migration files are plain SQL with both up and down scripts, so you know exactly what's in your database. Test coverage is solid and organized by feature (external_github_test.go, token_test.go, etc.) rather than being one giant file.

MySQL only — the README says `DB_DRIVER` must be `mysql`, which is a hard constraint in 2026 when most new Go projects default to Postgres. Migrations are not applied automatically; you run them manually, which is a footgun in containerized deployments. The Netlify fork has been superseded by Supabase Auth (also called GoTrue but substantially rewritten with Postgres support, PKCE, MFA, and phone auth) — adopting this original repo means inheriting years of divergence from the actively maintained branch. The JWT revocation story is weak: logout revokes refresh tokens but access tokens remain valid until expiry, and there's no token blocklist.

View on GitHub → Homepage ↗

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →