Authdog

TanStack Start

View as Markdown

The @authdog/tanstack-start SDK provides a callback loader, HttpOnly cookie handling, and a small React URL-cleanup provider.

Install

npm install @authdog/tanstack-start

Requires @tanstack/react-start ^1 and React 18 or 19. Set PK_AUTHDOG (your pk_... key) on the server.

Wrap the app

Wrap the root component with AuthdogProvider. When ?token= is present, it removes the parameter and reloads. It does not validate or persist the token, so the server loader must process the original request first:

import { AuthdogProvider } from "@authdog/tanstack-start/client"

function RootLayout({ children }: { children: React.ReactNode }) {
  return <AuthdogProvider>{children}</AuthdogProvider>
}

Handle the callback on the server

identityLoader() accepts a standard Request and returns a standard Response. It validates callback and cookie credentials through Authdog userinfo. Return its Response unchanged from the server route that receives the hosted sign-in redirect:

import { identityLoader } from "@authdog/tanstack-start"

const loadIdentity = identityLoader()

export async function handleAuthdogRequest(request: Request): Promise<Response> {
  return loadIdentity({ request })
}

Wire handleAuthdogRequest into a TanStack Start server route matched by the callback URL. Do not call response.json() and return only its body: that drops the two Set-Cookie headers. The loader reports { user, isAuthenticated, signinUri }; it does not redirect or deny access, so protected handlers must check isAuthenticated and apply authorization.

Sign out

logoutLoader is a server loader and returns a 302 Response that clears the session cookies. Return it unchanged from a server route:

import { logoutLoader } from "@authdog/tanstack-start"
export const logout = logoutLoader

AuthdogProvider is presentational callback cleanup, not an authentication provider or route guard.

Next steps

Learn more