Alephaalephav0.14.4
Explorer
batch.md
bucket.md
command.md
core.md
email.md
fake.md
file.md
mcp.md
orm.md
redis.md
retry.md
scheduler.md
security.md
auth.md
cache.md
cookies.md
core.md
health.md
helmet.md
links.md
metrics.md
multipart.md
proxy.md
rate-limit.md
static.md
swagger.md
sms.md
thread.md
websocket.md
@alepha/bucket-azure.md
@alepha/bucket-s3.md
@alepha/bucket-vercel.md
@alepha/devtools.md
alepha@docs:~/docs/packages/alepha/server$
cat auth.md
2 min read
Last commit:

#Alepha - Server Auth

#Installation

Part of the alepha package. Import from alepha/server/auth.

npm install alepha

#Overview

Allow authentication services for server applications. It provides login and logout functionalities.

There are multiple authentication providers available (e.g., Google, GitHub). You can also delegate authentication to your own OIDC/OAuth2, for example using Keycloak or Auth0.

It's cookie-based and SSR friendly.

#API Reference

#Primitives

Primitives are functions that define and configure various aspects of your application. They follow the convention of starting with $ and return configured primitive instances.

For more details, see the Primitives documentation.

#$auth()

Creates an authentication provider primitive for handling user login flows.

Supports multiple authentication strategies: credentials (username/password), OAuth2, and OIDC (OpenID Connect). Handles token management, user profile retrieval, and integration with both external identity providers (Auth0, Keycloak) and internal realms.

Authentication Types: Credentials, OAuth2 (Google, GitHub), OIDC, External providers

ts 
 1class AuthProviders { 2  // Internal credentials-based auth 3  credentials = $auth({ 4    realm: this.userRealm, 5    credentials: { 6      account: async ({ username, password }) => { 7        return await this.validateUser(username, password); 8      } 9    }10  });11 12  // External OIDC provider13  keycloak = $auth({14    oidc: {15      issuer: "https://auth.example.com",16      clientId: "my-app",17      clientSecret: "secret",18      redirectUri: "/auth/callback"19    }20  });21}

#$authApple()

TODO: Implement Apple authentication

#$authCredentials()

Already configured Credentials authentication primitive.

Uses username and password to authenticate users.

#$authGithub()

Already configured GitHub authentication primitive.

Uses OAuth2 to authenticate users via their GitHub accounts. Upon successful authentication, it links the GitHub account to a user session.

Environment Variables:

  • GITHUB_CLIENT_ID: The client ID obtained from the GitHub Developer Settings.
  • GITHUB_CLIENT_SECRET: The client secret obtained from the GitHub Developer Settings.

#$authGoogle()

Already configured Google authentication primitive.

Uses OpenID Connect (OIDC) to authenticate users via their Google accounts. Upon successful authentication, it links the Google account to a user session.

Environment Variables:

  • GOOGLE_CLIENT_ID: The client ID obtained from the Google Developer Console.
  • GOOGLE_CLIENT_SECRET: The client secret obtained from the Google Developer Console.
On This Page
No headings found...
ready
mainTypeScript
UTF-8packages_alepha_server_auth.md