Authentication for RedwoodJS, web and api
Add auth with a web-side React provider and api-side helpers for Redwood functions and services. Sessions use the same cookie and OIDC flow as every other Authdog SDK, so one environment spans both sides.
Web provider meets api helpers
Everything Redwood apps need
A provider for the web side and typed helpers for the api side — session state in the UI, real enforcement in your functions and services.
Web-side provider
Wrap AuthdogProvider around your app in web/src/App.tsx and session state is available across every page and cell.
API-side helpers
createAuthdog() gives you getSession, getUser, requireAuth, and logout for Redwood functions and services.
Real server enforcement
requireAuth wraps your function handler and validates the session before it runs — the true enforcement point.
Resolve users in services
Inside a Redwood service, authdog.getUser(context.event) resolves the current user straight from the incoming request.
One shared session
Uses the same authdog-session cookie and OIDC userinfo flow as every other @authdog/* package, so one environment spans web and api.
Fully typed
event.authdog.user is typed end to end on the api side, and the web-side hooks are typed for your components.
Protect a Redwood function
Enforce auth with requireAuth
createAuthdog() resolves the session on the api side, and requireAuth wraps your function handler — validate the session before it runs and read event.authdog.user, fully typed.
// api/src/functions/me.tsimport { createAuthdog } from "@authdog/redwood/api" const authdog = createAuthdog({ publicKey: process.env.PK_AUTHDOG! }) export const handler = authdog.requireAuth(async (event) => ({ statusCode: 200, body: JSON.stringify(event.authdog.user),}))Ship auth, not boilerplate
Authdog's Redwood integration wraps the web side in one provider and enforces sessions on the api side, so protecting a route is a single helper.
Wraps your whole app
AuthdogProvider in web/src/App.tsx is all it takes to make session state available across pages, cells, and components.
One SDK, both sides
The same package ships a web-side provider and api-side helpers, so auth is consistent across your Redwood workspaces.
Session cookie
Tokens are validated against the trusted identity host and sessions ride secure, HttpOnly cookies read on the server.
Add auth to your RedwoodJS app.
Install the SDK on both sides, wrap your app, and protect your functions today. Free to start, with secure defaults built in.