There’s been a noticeable shift in how authentication is approached in modern apps. Tools like Better Auth have pushed toward a model that is both developer-friendly and production-aware, with a strong emphasis on correctness, extensibility, and sensible defaults.
But if you’re working in Go, that experience hasn’t really existed.
That gap is what led to Limen.
What Limen is
Limen is a composable authentication library for Go, designed to integrate directly into your application rather than sit beside it as a separate service.
It is open source, publicly released, and available here:
The goal is to make authentication easier to add to Go backends without forcing you into a specific framework or application structure.
Why I built it
Go has no shortage of authentication libraries. There are JWT helpers, OAuth clients, and frameworks that cover parts of the problem. But most of them fall into one of two categories:
- Low-level primitives that require significant assembly
- Opinionated frameworks that are hard to extend or adapt
What’s often missing is a composable, production-ready system that:
- Handles sessions, cookies, and OAuth
- Lets you extend behavior without rewriting core logic
- Doesn’t force you into a specific router or framework
- Works with your existing database setup
This is the space Better Auth occupies in the JavaScript ecosystem. The goal with Limen is not to replicate it exactly, but to bring that level of design and usability into Go.
How Limen works
Limen is built around a plugin-first approach.
Instead of shipping every auth method as one large package, auth methods live as separate Go modules. You import the pieces you need and leave out the ones you do not.
For example, a basic setup can use the core package, a database adapter, and the credential/password plugin:
go get github.com/thecodearcher/limen
go get github.com/thecodearcher/limen/adapters/gorm
go get github.com/thecodearcher/limen/plugins/credential-password
Then you configure Limen inside your Go app:
auth, err := limen.New(&limen.Config{
BaseURL: "http://localhost:8080",
Database: gormadapter.New(db),
Plugins: []limen.Plugin{
credentialpassword.New(),
},
})
And mount it with your existing HTTP setup:
mux := http.NewServeMux()
mux.Handle("/api/auth/", auth.Handler())
That is the main idea: Limen should fit into your app, not dictate it.
What it supports today
The first public release includes support for:
- Credential/password authentication
- 10+ Social Sign-on providers (and growing)
- Two-factor authentication
- Session management
- Built-in rate limiting
- Database adapters
It works with anything that speaks http.Handler, including net/http, Gin, Chi, and Echo.
Bring your own stack
One thing I wanted to avoid was building an auth system that assumes too much about the application around it.
Limen is designed to work with your existing Go backend.
You bring your own database. You bring your own framework. You choose the plugins you need.
That makes it useful whether you are building a small API, a SaaS backend, or something more custom.
Why not just use a hosted auth provider?
Hosted auth providers are great for many teams.
But sometimes you want authentication to live inside your own application. Maybe you want more control over the data model. Maybe you want to keep your backend self-contained. Maybe you just prefer owning that part of your stack.
Limen is for that kind of project.
It gives you a foundation without making auth feel like a separate product bolted onto your app.
Current state
Limen is ready to use today and still improving. That means the API will continue to evolve, the documentation will get better, and more plugins and adapters will be added over time.
You can check it out here: