Introducing @vibe-kit/auth: Unlock Your AI "Max" Subscriptions

VibeKit now supports universal authentication for AI provider "Max" subscriptions, enabling developers to leverage their expensive Claude, Gemini, or Grok Max subscriptions across any application.

The Problem

Current approach: AI "Max" subscriptions locked to provider's closed ecosystems. New approach: Universal authentication that unlocks "Max" subscriptions for any application.

You're paying hundreds of dollars monthly for Claude, Gemini, or Grok Max subscriptions, but can only use them within their native interfaces. @vibe-kit/auth changes this by providing programmatic access to your existing subscriptions through secure OAuth flows.

What This Enables

This maximizes the value of your AI investments by enabling cross-application usage of your premium subscriptions.

Subscription Liberation

Access your "Max" subscriptions from any application. Secure OAuth 2.0 with PKCE authentication flows. Automatic token management and refresh.

Cost Optimization

Leverage existing "Max" subscriptions instead of paying per-API-call. Reduce operational costs for AI-powered applications. Maximize every dollar spent on premium AI access.

Universal Integration

Compatible with official provider SDKs like Anthropic's Claude SDK. Cross-platform support for Node.js and browser environments. Flexible token storage options for different deployment scenarios.

Getting Started

Adding universal AI authentication to your application is straightforward:

import { ClaudeAuth } from '@vibe-kit/auth/node';

// Node.js environment - automatic browser flow
const token = await ClaudeAuth.authenticate();

// Verify authentication status
const isAuthenticated = await ClaudeAuth.isAuthenticated();

// Use with official SDKs
const accessToken = await ClaudeAuth.getValidToken();

Use Cases This Enables

Development scenarios that require premium AI access across multiple applications:

• Multi-application AI workflows: Use your Claude, Gemini, or Grok Max subscriptions across different tools and services
• Cost-effective AI development: Avoid per-API-call charges by leveraging existing subscriptions
• Enterprise AI integration: Centralized authentication for team-based AI applications
• Cross-platform AI tools: Consistent premium AI access across web, desktop, and mobile applications

Technical Implementation

The authentication system uses OAuth 2.0 with PKCE for secure, cross-platform authentication flows.

Browser Integration

For client-side applications:

npm install @vibe-kit/auth

import { ClaudeWebAuth, LocalStorageTokenStorage } from '@vibe-kit/auth/browser';

const storage = new LocalStorageTokenStorage();
const auth = new ClaudeWebAuth(storage);

// Generate authorization URL
const { url, state, codeVerifier } = ClaudeWebAuth.createAuthorizationUrl();

// Handle authorization callback
const token = await auth.authenticate(authCode, codeVerifier, state);

Server-Side Setup

import { ClaudeAuth, MemoryTokenStorage } from '@vibe-kit/auth/node';

// Automatic authentication flow
const token = await ClaudeAuth.authenticate();

// Manual token management
const auth = new ClaudeAuth(new MemoryTokenStorage());
const isValid = await auth.isAuthenticated();

Integration with Official SDKs

import { Anthropic } from '@anthropic-ai/sdk';
import { ClaudeAuth } from '@vibe-kit/auth/node';

const accessToken = await ClaudeAuth.getValidToken();

const anthropic = new Anthropic({
  authToken: accessToken,
});

const response = await anthropic.messages.create({
  model: 'claude-sonnet-4-20250514',
  messages: [{ role: 'user', content: 'Hello!' }]
});

Technical Capabilities

• OAuth 2.0 with PKCE: Secure authentication flows with CSRF protection
• Universal token storage: Memory, localStorage, and cookie-based storage options
• Automatic token refresh: Seamless session management
• Cross-platform compatibility: Node.js and browser environments
• Multi-provider support: Built for Claude, Gemini, Grok, and beyond

Security Features

• Restricted file permissions: Secure token storage in Node.js environments
• State parameter validation: CSRF attack prevention
• Automatic token expiry handling: Seamless re-authentication when needed
• Environment-specific security: Browser-safe authentication methods

Storage Options

Multiple storage backends for different deployment scenarios:

• MemoryTokenStorage: Server-side in-memory storage
• LocalStorageTokenStorage: Browser localStorage persistence
• CookieTokenStorage: Server-side cookie-based storage

Requirements

• Node.js 18+
• Modern browser support for OAuth flows
• Valid "Max" subscription for target AI provider

Technical documentation: https://github.com/superagent-ai/vibekit/tree/main/packages/auth