Skip to main content

Welcome to Arraf Auth

Arraf Auth is a TypeScript-first authentication library specifically designed for the Saudi Arabia market. It provides a modern, flexible authentication solution with first-class support for phone + OTP authentication, alongside traditional email/password and OAuth flows.

Why Arraf Auth?

Built from the ground up for Middle Eastern developers, Arraf Auth recognizes that phone-based authentication is the primary authentication method in Saudi Arabia and the broader GCC region. Unlike generic authentication libraries that treat phone authentication as an afterthought, Arraf Auth makes it a first-class citizen.

Phone + OTP First

Built specifically for the Saudi market where phone numbers are the primary authentication method. Seamlessly integrate with local SMS providers like Unifonic, Taqnyat, and Msegat.

TypeScript Native

Fully typed from the ground up. Catch errors at compile time and enjoy excellent autocomplete support across your entire authentication flow.

Framework Agnostic

Core library works with any JavaScript framework. Official integrations available for Next.js, Express, and Hono. Build your own adapter in minutes.

Plugin Architecture

Extend functionality with plugins. Add custom routes, hooks into authentication events, and integrate with your existing systems.

Key Features

Multiple Authentication Methods

  • Phone + OTP - Primary authentication method optimized for the Saudi market
  • Email + Password - Traditional authentication with secure password hashing
  • OAuth - Support for Google, GitHub, and custom providers

Flexible Database Adapters

  • Prisma - Type-safe ORM with excellent DX
  • Drizzle - Lightweight SQL toolkit
  • Easily build custom adapters for any database

Framework Integrations

  • Next.js - App Router and Pages Router support
  • Express - Traditional Node.js applications
  • Hono - Modern edge-compatible framework

Developer Experience

  • Full TypeScript support with comprehensive types
  • Plugin system for extensibility
  • Session management (JWT or database-backed)
  • Secure by default with configurable options

Architecture Overview

Arraf Auth follows a modular architecture that separates concerns and allows you to pick exactly what you need: 
@arraf-auth/core          → Framework-agnostic auth engine

    ├─ Adapters          → Database layer (Prisma, Drizzle)
    ├─ Providers         → OAuth providers (Google, GitHub)
    └─ Integrations      → Framework bindings (Next.js, Express, Hono)
The core package handles all authentication logic, while adapters connect to your database, providers handle OAuth flows, and integrations bind everything to your framework of choice.

Saudi Market Focus

Arraf Auth is purpose-built for the Saudi Arabia market:
  • Phone numbers as primary identifiers - Most users authenticate with their phone number
  • OTP via SMS - Seamless integration with regional SMS providers
  • Local provider support - Easy integration with Unifonic, Taqnyat, Msegat, and other Saudi SMS gateways
  • Arabic language support - Configurable message templates for Arabic OTP messages

Quick Example

Here’s a complete authentication setup in just a few lines: 
import { createAuth } from "@arraf-auth/core"
import { prismaAdapter } from "@arraf-auth/adapter-prisma"
import { prisma } from "./lib/prisma"

export const auth = createAuth({
  secret: process.env.AUTH_SECRET!,
  database: prismaAdapter(prisma),
  
  // Configure SMS for phone OTP
  sms: {
    send: async ({ to, message }) => {
      // Integrate with your SMS provider
      // Unifonic, Taqnyat, Msegat, etc.
      return { success: true }
    }
  },
  
  // Optional: Configure OTP behavior
  otp: {
    length: 6,
    expiresIn: 300, // 5 minutes
    maxAttempts: 5,
  }
})

Get Started

Quickstart

Get up and running with Arraf Auth in under 5 minutes

Installation

Detailed installation guide for all packages and prerequisites

Phone + OTP Guide

Complete guide to implementing phone authentication with OTP

API Reference

Explore the complete API documentation

Community and Support

Arraf Auth is open source and built for the developer community:
Arraf Auth is in active development. While the core API is stable, some features may evolve based on community feedback.

Build docs developers (and LLMs) love

Get started for freeTalk to us