Skip to main content
Ave Hero Light

What is Ave?

Ave is a passwordless identity platform that combines WebAuthn passkeys with end-to-end encryption to give users complete control over their data. It functions as both a standalone authentication system and an OAuth 2.0 / OpenID Connect provider.

Quickstart

Get users authenticated in minutes with our SDK

How it works

Understand Ave’s architecture and core concepts

OAuth integration

Use Ave as an identity provider for your app

Signing API

Enable cryptographic signing with user identities

Core features

Passwordless authentication

Ave uses WebAuthn passkeys for authentication, eliminating passwords entirely. Users authenticate with biometrics (Face ID, Touch ID, Windows Hello) or device PINs. 
import { startPkceLogin } from "@ave-id/sdk/client";

// Redirect user to Ave for authentication
await startPkceLogin({
  clientId: "YOUR_CLIENT_ID",
  redirectUri: "https://yourapp.com/callback",
});

End-to-end encryption

All user data is encrypted client-side with a master key that never leaves the user’s device in plaintext. The server only stores encrypted data and has zero knowledge of user information.
Master keys are generated in the browser and protected by:
  • Passkeys - WebAuthn credentials with PRF extension
  • Security questions - User-chosen questions hash-protect the master key
  • Trust codes - Recoverable backup codes (2 codes, single-use)

Multi-device support

Users can approve login requests from trusted devices using real-time WebSocket notifications. Master keys are transferred securely between devices using ephemeral ECDH key exchange.

OAuth 2.0 / OIDC provider

Ave implements OAuth 2.0 and OpenID Connect protocols with support for:
  • Authorization Code Flow with PKCE
  • Refresh tokens
  • Token exchange (RFC 8693)
  • Delegation grants for connector apps
  • Standard OIDC discovery endpoints

Cryptographic signing

Each user identity has an Ed25519 signing key pair. Apps can request signatures from users through the Ave signing API, enabling use cases like transaction signing, document verification, and attestations.

Why Ave?

No passwords

WebAuthn passkeys are phishing-resistant and hardware-backed

Zero knowledge

Server never sees unencrypted user data or master keys

Multi-device

Seamless login across devices with secure key transfer

Standards-based

OAuth 2.0, OIDC, WebAuthn - fully interoperable

Getting started

Choose your integration path:
1

Install the SDK

npm install @ave-id/sdk
2

Configure your app

Register your OAuth application and get client credentials from the Ave dashboard
3

Integrate authentication

Use our SDK helpers to redirect users to Ave for sign-in
4

Handle the callback

Exchange the authorization code for tokens and access user information

Ready to build?

Follow our quickstart guide to authenticate users in under 5 minutes

Build docs developers (and LLMs) love

Get started for freeTalk to us