Astro

Authentication for Astro, islands and all

Add auth with session middleware, server helpers, and a tiny vanilla client bootstrap — no UI-framework peer dependency required. Authdog fits Astro's islands model instead of fighting it.

Start building Read the docs

Session middleware

src/middleware.ts

// src/middleware.ts
import { defineMiddleware } from "astro:middleware"
import { authdogMiddleware } from "@authdog/astro/server"
 
export const onRequest = defineMiddleware(
  authdogMiddleware({ publicKey: import.meta.env.PUBLIC_AUTHDOG_PUBLIC_KEY }),
)

Built for the islands model

Everything Astro apps need

Server middleware and helpers that resolve sessions per request — with no UI-framework lock-in.

Session middleware

Wire authdogMiddleware once and every request gets Astro.locals.authdog — a typed session resolved on the server, per request.

Built for islands

A framework-agnostic middleware plus a tiny vanilla client bootstrap means no UI-framework peer dependency — works whatever you render with.

Server helpers

createAuthdogServer() resolves the full user on demand in .astro pages, endpoints, and actions, and handles logout from an API route.

Secure by default

Tokens are validated against the trusted identity host and sessions ride secure, HTTP-only cookies read only on the server.

SSR & hybrid ready

Designed for SSR-capable Astro apps so middleware can read the session cookie on every request — no static-only limitations.

Typed locals

Augment App.Locals once and Astro.locals.authdog is fully typed across your pages, endpoints, and actions.

Read the session in .astro

Auth from Astro.locals

Middleware populates Astro.locals.authdog on every request, so any .astro page can branch on isAuthenticated or resolve the full user on demand — no providers, no client-side token handling.

dashboard.astro

--- dashboard.astro
const { isAuthenticated } = Astro.locals.authdog
---
 
{isAuthenticated ? (
  <p>Welcome back</p>
) : (
  <a href="/login">Sign in</a>
)}

Ship auth, not boilerplate

Authdog's Astro integration resolves the session in middleware and exposes it through typed locals, so protecting a page is a single check.

1 middleware

To resolve sessions everywhere

UI-framework peer dependencies

The middleware and vanilla client bootstrap are framework-agnostic, so auth works with any island you render.

<1ms

Session read per request

The session cookie is parsed and verified in middleware before your page renders, so protected content never flashes.

Add auth to your Astro app.

Install the SDK, wire up the middleware, and read the session from Astro.locals today. Free to start, with secure defaults built in.

Start Building