Introduction Two months ago I quit my retail job to go full indie. Since then, I’ve been building create-authenik8-app entirely on my phone , and it just crossed 177 runs with a new daily record of 51 yesterday. The idea was simple: I was tired of starting every new backend project by copy-pasting the same JWT + refresh token + Redis + RBAC code… and often getting parts of the security wrong. So I built a CLI that does it correctly from day one. npx create-authenik8-app my-app 30 seconds later you have a production-ready Express + TypeScript backend with secure authentication already solved. Every backend needs authentication. Yet most of us waste days (sometimes weeks) on: Setting up secure JWT access + refresh tokens with proper rotation Implementing replay protection and secure token storage (usually in Redis) Handling OAuth account linking without creating duplicate users Adding RBAC middleware that actually works Wiring up production concerns (rate limiting, Helmet, PM2, memory guards, etc.) Even with Passport.js or Lucia, you still end up gluing everything together and hoping you didn’t introduce subtle security flaws. I wanted something better. create-authenik8-app create-authenik8-app is not another auth library. What you get instantly: The Identity Engine: The Real Differentiator At the core is the Authenik8 Identity Engine (inside authenik8-core). Instead of treating auth as separate login flows, it treats authentication as an identity resolution problem. It intelligently: Unifies credentials (email/password) and OAuth providers Prevents duplicate identities Handles smart account linking Normalizes provider profiles into your app’s schema Applies consistent security rules across all methods This design makes the whole system cleaner, more secure, and much easier to extend (MFA, WebAuthn, etc. are coming). See Exactly What You Get I published a real generated example so you can inspect the output without running anything: create-authenik8-app-example You’ll see clean code, proper middleware usage, and how the Identity Engine is integrated. Security & Trust I know the biggest concern many developers have: “It has a closed-source core , why should I trust it?” Here’s my stance: The CLI is 100% open source ,you can see exactly how everything is wired. Everything generated is fully inspectable and uses battle-tested patterns. I’m actively working on more transparency: detailed threat model, SECURITY.md, and future third-party audit. My goal is to give solo devs and small teams a much better starting point than copy-paste boilerplate ,while being honest about the trade-offs. My Journey So Far Building this on a phone has been chaotic but rewarding. I’m iterating daily based on feedback (thank you to everyone who’s commented!). Who Is This For? Solo developers and indie hackers Small teams that want to ship fast Anyone tired of repeating the same auth setup on every project If you’re building something real and want auth done correctly without the usual headache, give it a spin. Try It Now npx create-authenik8-app my-app cd my-app redis-server --daemonize yes npm run dev Repo: https://github.com/COD434/create-authenik8-app https://github.com/COD434/create-authenik8-app-example If it saves you time, a star would mean a lot to this phone-built project ⭐ I’d love your honest feedback ,what’s missing? What should I improve next?