Skip to main content

Auth Wire

The Auth wire (@fluxkitdev/auth) provides a complete authentication and authorization system including local email/password auth, OAuth providers, JWT token management, and magic links.

Installation

npm install @fluxkitdev/core @fluxkitdev/auth

Quick Start

import { FluxKit } from "@fluxkitdev/core";
import { auth } from "@fluxkitdev/auth";

const app = new FluxKit({
  wires: [
    auth({
      jwt: {
        secret: process.env.JWT_SECRET,
        expiresIn: "7d",
      },
      oauth: {
        google: {
          clientId: process.env.OAUTH_GOOGLE_CLIENT_ID,
          clientSecret: process.env.OAUTH_GOOGLE_CLIENT_SECRET,
          callbackUrl: "/auth/google/callback",
        },
      },
      magicLink: {
        enabled: true,
      },
    }),
  ],
  database: { uri: process.env.MONGODB_URI },
});

await app.start({ port: 3000 });

Once started, the following REST API endpoints are available:

  • POST /auth/register -- Create a new user
  • POST /auth/login -- Log in with email/password
  • POST /auth/logout -- Log out (invalidate token)
  • GET /auth/me -- Get current user
  • GET /auth/google -- Start Google OAuth flow
  • POST /auth/magic-link -- Send a magic link
  • POST /auth/verify-magic-link -- Verify a magic link token

Features

FeatureDescription
Local AuthEmail/password registration and login
OAuthGoogle, GitHub, Discord, and custom OAuth providers
JWTJSON Web Token issuance and verification
Magic LinksPasswordless authentication via email

Programmatic API

In addition to the REST API, you can use the auth wire programmatically:

// Create a user
const user = await app.auth.createUser({
  email: "alice@example.com",
  password: "secure-password",
  name: "Alice",
});

// Verify credentials
const verified = await app.auth.verifyCredentials(
  "alice@example.com",
  "secure-password"
);

// Generate a JWT
const token = app.auth.generateToken({ userId: user._id });

// Verify a JWT
const payload = app.auth.verifyToken(token);

Environment Variables

VariableDefaultDescription
JWT_SECRET--Secret key for JWT signing (required)
JWT_EXPIRES_IN7dToken expiration time
OAUTH_GOOGLE_CLIENT_ID--Google OAuth client ID
OAUTH_GOOGLE_CLIENT_SECRET--Google OAuth client secret
OAUTH_GITHUB_CLIENT_ID--GitHub OAuth client ID
OAUTH_GITHUB_CLIENT_SECRET--GitHub OAuth client secret
MAGIC_LINK_EXPIRY15mMagic link token expiry