Authentication for Gatsby, client and Functions

Add auth with a React client provider and server helpers for Gatsby Functions. Sessions use the same cookie and OIDC flow as every other Authdog SDK, so one environment works across your stack.

Client provider meets Functions

Everything Gatsby apps need

A provider for the browser and typed helpers for Gatsby Functions — session state in the UI, real enforcement on the server.

Client provider

Wrap wrapRootElement in gatsby-browser.js and gatsby-ssr.js once, and session state is available across every page and component.

Gatsby Functions

createAuthdog() gives you getSession, getUser, requireAuth, and logout as first-class helpers inside src/api routes.

Real server enforcement

requireAuth is the enforcement point — it validates the session in your Functions before the handler ever runs.

One shared session

Uses the same authdog-session cookie and OIDC userinfo flow as every other @authdog/* package, so one environment spans your stack.

SSR-friendly bootstrap

The provider strips the login redirect's ?token= and reloads once so the server can persist the HttpOnly session cookie.

Fully typed

req.authdog.user is typed end to end inside Functions, and the client hooks are typed for your components.

Protect a Gatsby Function

Enforce auth with requireAuth

createAuthdog() resolves the session inside src/api routes, and requireAuth is the real enforcement point — validate the session before your handler runs and read req.authdog.user, fully typed.

src/api/me.ts
// src/api/me.ts
import { createAuthdog } from "@authdog/gatsby/server"
 
const authdog = createAuthdog({ publicKey: process.env.PK_AUTHDOG! })
 
export default authdog.requireAuth((req, res) => {
res.json(req.authdog.user)
})

Ship auth, not boilerplate

Authdog's Gatsby integration wraps your site in one provider and enforces sessions in your Functions, so protecting a route is a single helper.

1 provider

Wraps your whole site

wrapRootElement in gatsby-browser.js and gatsby-ssr.js is all it takes to make session state available everywhere.

4 helpers

In every Gatsby Function

getSession, getUser, requireAuth, and logout cover the whole server-side auth surface from src/api routes.

HttpOnly

Session cookie

Tokens are validated against the trusted identity host and sessions ride secure, HttpOnly cookies read on the server.

Add auth to your Gatsby site.

Install the SDK, wrap your root element, and protect your Functions today. Free to start, with secure defaults built in.