Authentication for RedwoodJS, web and api

Add auth with a web-side React provider and api-side helpers for Redwood functions and services. Sessions use the same cookie and OIDC flow as every other Authdog SDK, so one environment spans both sides.

Web provider meets api helpers

Everything Redwood apps need

A provider for the web side and typed helpers for the api side — session state in the UI, real enforcement in your functions and services.

Web-side provider

Wrap AuthdogProvider around your app in web/src/App.tsx and session state is available across every page and cell.

API-side helpers

createAuthdog() gives you getSession, getUser, requireAuth, and logout for Redwood functions and services.

Real server enforcement

requireAuth wraps your function handler and validates the session before it runs — the true enforcement point.

Resolve users in services

Inside a Redwood service, authdog.getUser(context.event) resolves the current user straight from the incoming request.

One shared session

Uses the same authdog-session cookie and OIDC userinfo flow as every other @authdog/* package, so one environment spans web and api.

Fully typed

event.authdog.user is typed end to end on the api side, and the web-side hooks are typed for your components.

Protect a Redwood function

Enforce auth with requireAuth

createAuthdog() resolves the session on the api side, and requireAuth wraps your function handler — validate the session before it runs and read event.authdog.user, fully typed.

api/src/functions/me.ts
// api/src/functions/me.ts
import { createAuthdog } from "@authdog/redwood/api"
 
const authdog = createAuthdog({ publicKey: process.env.PK_AUTHDOG! })
 
export const handler = authdog.requireAuth(async (event) => ({
statusCode: 200, body: JSON.stringify(event.authdog.user),
}))

Ship auth, not boilerplate

Authdog's Redwood integration wraps the web side in one provider and enforces sessions on the api side, so protecting a route is a single helper.

1 provider

Wraps your whole app

AuthdogProvider in web/src/App.tsx is all it takes to make session state available across pages, cells, and components.

web + api

One SDK, both sides

The same package ships a web-side provider and api-side helpers, so auth is consistent across your Redwood workspaces.

HttpOnly

Session cookie

Tokens are validated against the trusted identity host and sessions ride secure, HttpOnly cookies read on the server.

Add auth to your RedwoodJS app.

Install the SDK on both sides, wrap your app, and protect your functions today. Free to start, with secure defaults built in.