Auth Astro is the easiest way to add Authentication to your Astro Project. It wraps the core of Auth.js into an Astro integration which automatically adds the endpoints and handles everything else.
(disclaimer: Please don´t confuse this package with astro-auth)
The easiest way to get started is adding this package using the astro cli.
npm run astro add auth-astro
This will install the package and required peer-dependencies and add the integration to your config. You can now jump to configuration
Alternarviely you can install the required packagages on your own.
npm install auth-astro@latest @auth/core@latest
Note: If you´re using pnpm you must also install cookie:
pnpm i cookie
Next you need to add the integration to your astro config by importing it and listing it in the integrations array.
Your auth configuartion needs to be passed to the integration function call.
For example:
import { defineConfig } from 'astro/config';
import { loadEnv } from 'vite';
import node from '@astrojs/node';
import auth from 'auth-astro'
import GitHub from '@auth/core/providers/github'
const env = loadEnv('production', process.cwd(), '');
export default defineConfig({
output: 'server',
adapter: node({
mode: 'standalone'
}),
integrations: [auth({
providers: [
GitHub({
clientId: env.GITHUB_CLIENT_ID,
clientSecret: env.GITHUB_CLIENT_SECRET,
}),
]
})]
})
Some OAuth Providers request a callback URL be submitted alongside requesting a Client ID, and Client Secret. The callback URL used by the providers must be set to the following, unless you override the prefix field in the configuration:
[origin]/api/auth/callback/[provider]
// example
// http://localhost:3000/api/auth/callback/github
Generate an auth secret by running openssl rand -hex 32
in a local terminal or by visiting generate-secret.vercel.app, copy the string, then set it as the AUTH_SECRET
environment variable describe below.
Next set the AUTH_TRUST_HOST
environment variable to true
for hosting providers like Cloudflare Pages or Netlify.
AUTH_SECRET=<auth-secret>
AUTH_TRUST_HOST=true
Setting AUTH_TRUST_HOST
is not needed as we also check for an active Vercel environment.
- Node version
>= 17.4
- Astro config set to output mode
server
- SSR enabled in your Astro project
Resources:
Your authentication endpoints now live under [origin]/api/auth/[operation]
. You can change the prefix in the configuation.
In case you need to access your auth configuartion, you can always import it by
import authConfig from 'auth:config'
Astro Auth exposes two ways to sign in and out. Inline scripts and Astro Components.
The signIn
and signOut
methods can be imported dynamically in an inline script.
---
---
<html>
<body>
<button id="login">Login</button>
<button id="logout">Logout</button>
<script>
const { signIn, signOut } = await import("auth-astro/client")
document.querySelector("#login").onclick = () => signIn("github")
document.querySelector("#logout").onclick = () => signOut()
</script>
</body>
</html>
Alternatively, you can use the SignIn
and SignOut
button components provided by auth-astro/components
importing them into your Astro component's script
---
import { SignIn, SignOut } from 'auth-astro/components'
---
<html>
<body>
...
<SignIn provider="github" />
<SignOut />
...
</body>
</html>
You can fetch the session in one of two ways. The getSession
method can be used in the component script section to fetch the session.
---
import { getSession } from 'auth-astro/server';
const session = await getSession(Astro.request)
---
{session ? (
<p>Welcome {session.user?.name}</p>
) : (
<p>Not logged in</p>
)}
Alternatively, you can use the Auth
component to fetch the session using a render prop.
---
import type { Session } from '@auth/core/types';
import { Auth, Signin, Signout } from 'auth-astro/components';
---
<Auth>
{(session: Session) =>
{session ?
<Signin provider="github">Login</Signin>
:
<Signout>Logout</Signout>
}
<p>
{session ? `Logged in as ${session.user?.name}` : 'Not logged in'}
</p>
}
</Auth>
We currently are waiting for the PR in the offical next-auth repository to be merged. Once this happened this package will be deprecated.
Us waiting means on the PR to be merged means, we can still add new features to the PR, so, if you miss anything feel free to open a PR or issue in this repo and we will try to add it to the official package to come.