The project gives developers a concrete, test‑driven example of how to build NIST‑compliant auth at the edge, reducing guesswork and accelerating secure product development. It also clarifies the additional controls required before the code can be deployed to real users.
Edge computing is reshaping how authentication is delivered, moving credential verification closer to the user to reduce latency and improve resilience. By anchoring its design in NIST SP 800‑63B and OWASP ASVS, the repository demonstrates that rigorous security standards can be met without sacrificing the lightweight footprint required for serverless platforms. The use of PBKDF2‑SHA384 with per‑user salts, combined with a dual‑token JWT model, offers both strong password protection and granular session control, while the Web Crypto API ensures cryptographic operations remain performant at the edge.
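The password-storage scheme described above, as an added example that is not code from the repository: PBKDF2 with SHA-384, a random per-user salt, and a constant-time comparison on verification. It uses Node's `node:crypto` module as a stand-in for the Web Crypto API's `deriveBits` so that it runs in a plain Node process; the iteration count is an assumption for this example, not a value stated on the page, and is stored alongside the hash so that the cost can be raised later without invalidating existing records.

```typescript
import { pbkdf2Sync, randomBytes, timingSafeEqual } from "node:crypto";

// Assumed parameters for this example; the repository's own iteration count
// is not stated on the page. 48 bytes matches SHA-384's 384-bit output.
const DEFAULT_ITERATIONS = 210_000;
const KEY_LENGTH_BYTES = 48;
const DIGEST = "sha384";

export interface StoredCredential {
  salt: string;       // per-user random salt, hex encoded
  hash: string;       // PBKDF2-derived key, hex encoded
  iterations: number; // recorded so old records remain verifiable after a cost increase
}

// Derive a fresh credential record. A new 16-byte salt is drawn for every call,
// so two users with the same password get unrelated hashes.
export function hashPassword(
  password: string,
  iterations: number = DEFAULT_ITERATIONS,
  salt: Buffer = randomBytes(16),
): StoredCredential {
  const key = pbkdf2Sync(password, salt, iterations, KEY_LENGTH_BYTES, DIGEST);
  return { salt: salt.toString("hex"), hash: key.toString("hex"), iterations };
}

// Re-derive with the stored salt and iteration count, then compare in constant
// time so that a mismatch does not leak how many leading bytes agreed.
export function verifyPassword(password: string, stored: StoredCredential): boolean {
  const candidate = pbkdf2Sync(
    password,
    Buffer.from(stored.salt, "hex"),
    stored.iterations,
    KEY_LENGTH_BYTES,
    DIGEST,
  );
  const expected = Buffer.from(stored.hash, "hex");
  if (candidate.length !== expected.length) return false;
  return timingSafeEqual(candidate, expected);
}
```

Storing the iteration count per record is what makes a later cost increase painless: new sign-ups use the higher value, and existing users are re-hashed transparently on their next successful login.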
Beyond the core auth flow, the codebase showcases best‑practice engineering patterns: strict TypeScript typings, architecture decision records, and a comprehensive test suite that simulates real‑world attack vectors such as token replay and algorithm substitution. By exposing the full implementation—including secure cookie flags, HSTS, CSP, and other hardening headers—developers gain a hands‑on reference for building zero‑trust services that can be audited and extended. The repository’s modular layout, with separate packages for core services, database adapters, and schema validation, makes it easy to integrate into existing Cloudflare Workers projects or to fork for custom use cases.
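The dual-token model and the two attack classes the test suite is said to exercise, token replay and algorithm substitution, as an added example that is not the repository's own code. It issues a short-lived access token and a longer-lived, single-use refresh token, both HS256 JWTs, and the verifier pins the algorithm instead of trusting the header, distinguishes the two token kinds by a `kind` claim, and refuses a refresh token whose `jti` has already been consumed. The lifetimes, claim names and the in-memory set of consumed ids are assumptions for the example.

```typescript
import { createHmac, randomUUID, timingSafeEqual } from "node:crypto";

export type TokenKind = "access" | "refresh";

export interface Claims {
  sub: string;
  kind: TokenKind; // which half of the pair this is
  jti: string;     // unique id, used to detect refresh-token replay
  iat: number;
  exp: number;
}

// Assumed lifetimes for the example: minutes for access, days for refresh.
const LIFETIME_SECONDS: Record<TokenKind, number> = { access: 15 * 60, refresh: 7 * 24 * 3600 };

const b64url = (b: Buffer): string => b.toString("base64url");
const fromB64url = (s: string): Buffer => Buffer.from(s, "base64url");
const nowSeconds = (): number => Math.floor(Date.now() / 1000);

export function issueToken(sub: string, kind: TokenKind, secret: string, now: number = nowSeconds()): string {
  const header = { alg: "HS256", typ: "JWT" };
  const claims: Claims = { sub, kind, jti: randomUUID(), iat: now, exp: now + LIFETIME_SECONDS[kind] };
  const signingInput = `${b64url(Buffer.from(JSON.stringify(header)))}.${b64url(Buffer.from(JSON.stringify(claims)))}`;
  const signature = createHmac("sha256", secret).update(signingInput).digest();
  return `${signingInput}.${b64url(signature)}`;
}

export function issuePair(sub: string, secret: string, now: number = nowSeconds()): { access: string; refresh: string } {
  return { access: issueToken(sub, "access", secret, now), refresh: issueToken(sub, "refresh", secret, now) };
}

// Refresh tokens are single-use: once presented, the id is recorded and a second
// presentation (a replay) is rejected. An in-memory set stands in for a datastore here.
const consumedRefreshIds = new Set<string>();

export function verifyToken(token: string, expectedKind: TokenKind, secret: string, now: number = nowSeconds()): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;

  let header: Record<string, unknown>;
  let claims: Record<string, unknown>;
  try {
    header = JSON.parse(fromB64url(h).toString("utf8"));
    claims = JSON.parse(fromB64url(p).toString("utf8"));
  } catch {
    return null;
  }

  // The header is attacker-controlled, so the verifier pins the algorithm rather
  // than letting the token choose it; "none" or any other value is rejected outright.
  if (header.alg !== "HS256") return null;

  const expected = createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = fromB64url(s);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  if (typeof claims.exp !== "number" || claims.exp <= now) return null;
  if (typeof claims.sub !== "string" || typeof claims.jti !== "string") return null;
  // An access token cannot be presented where a refresh token is expected, and vice versa.
  if (claims.kind !== expectedKind) return null;

  if (expectedKind === "refresh") {
    if (consumedRefreshIds.has(claims.jti)) return null; // replay of an already-rotated refresh token
    consumedRefreshIds.add(claims.jti);
  }
  return claims as unknown as Claims;
}
```

A real deployment would back the consumed-id set with a store shared across edge isolates and expire entries once the refresh token's `exp` has passed; the rejection logic itself stays the same.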
While the reference implementation excels as an educational tool, it deliberately omits production‑grade features like rate limiting, MFA, and audit logging. Organizations planning to ship commercial products should layer these controls on top or adopt a turnkey solution such as Better Auth, which bundles OAuth, passkeys, and adaptive security out of the box. As edge platforms mature, the demand for compliant, low‑overhead authentication will grow, and projects like this set a benchmark for secure, developer‑friendly design in the serverless era.