Authentication for Gatsby, client and Functions
Add auth with a React client provider and server helpers for Gatsby Functions. Sessions use the same cookie and OIDC flow as every other Authdog SDK, so one environment works across your stack.
Client provider meets Functions
Everything Gatsby apps need
A provider for the browser and typed helpers for Gatsby Functions — session state in the UI, real enforcement on the server.
Client provider
Wrap wrapRootElement in gatsby-browser.js and gatsby-ssr.js once, and session state is available across every page and component.
Gatsby Functions
createAuthdog() gives you getSession, getUser, requireAuth, and logout as first-class helpers inside src/api routes.
Real server enforcement
requireAuth is the enforcement point — it validates the session in your Functions before the handler ever runs.
One shared session
Uses the same authdog-session cookie and OIDC userinfo flow as every other @authdog/* package, so one environment spans your stack.
SSR-friendly bootstrap
The provider strips the login redirect's ?token= and reloads once so the server can persist the HttpOnly session cookie.
Fully typed
req.authdog.user is typed end to end inside Functions, and the client hooks are typed for your components.
Protect a Gatsby Function
Enforce auth with requireAuth
createAuthdog() resolves the session inside src/api routes, and requireAuth is the real enforcement point — validate the session before your handler runs and read req.authdog.user, fully typed.
// src/api/me.tsimport { createAuthdog } from "@authdog/gatsby/server" const authdog = createAuthdog({ publicKey: process.env.PK_AUTHDOG! }) export default authdog.requireAuth((req, res) => { res.json(req.authdog.user)})Ship auth, not boilerplate
Authdog's Gatsby integration wraps your site in one provider and enforces sessions in your Functions, so protecting a route is a single helper.
Wraps your whole site
wrapRootElement in gatsby-browser.js and gatsby-ssr.js is all it takes to make session state available everywhere.
In every Gatsby Function
getSession, getUser, requireAuth, and logout cover the whole server-side auth surface from src/api routes.
Session cookie
Tokens are validated against the trusted identity host and sessions ride secure, HttpOnly cookies read on the server.
Add auth to your Gatsby site.
Install the SDK, wrap your root element, and protect your Functions today. Free to start, with secure defaults built in.