@robojs/auth
Modern authentication for Robo.js powered by Auth.js with support for 80+ OAuth providers, email/password flows, and session management.
Modern authentication for Robo.js powered by Auth.js. Supports 80+ OAuth providers, email/password flows, session management, and upstream proxy mode.
Features
80+ OAuth Providers
Discord, Google, GitHub, Twitter, and many more
Email/Password
Argon2id hashing, signup, reset, and verification
Session Management
JWT or database-backed sessions
Flashcore Adapter
Zero-config storage out of the box
Prisma Adapter
Connect to your existing database
Proxy Mode
Share auth across multiple Robo apps
Email System
Transactional emails with Resend and React Email
Multi-account
Switch between linked accounts seamlessly
Installation
Add the plugin to your project.
npx robo add @robojs/auth@nextOr start a new project with the plugin already installed.
npx create-robo@next my-project -p @robojs/auth@nextThe installer auto-generates a secure AUTH_SECRET in your .env files.
Quick configuration
Create a plugin config file with your preferred auth providers.
import Discord from '@robojs/auth/providers/discord'
import Google from '@robojs/auth/providers/google'
import EmailPassword from '@robojs/auth/providers/email-password'
import { createFlashcoreAdapter } from '@robojs/auth'
import type { AuthPluginOptions } from '@robojs/auth'
export default <AuthPluginOptions>{
secret: process.env.AUTH_SECRET,
appName: 'My App',
adapter: createFlashcoreAdapter({ secret: process.env.AUTH_SECRET! }),
providers: [
Discord({ clientId: process.env.DISCORD_ID!, clientSecret: process.env.DISCORD_SECRET! }),
Google({ clientId: process.env.GOOGLE_ID!, clientSecret: process.env.GOOGLE_SECRET! }),
EmailPassword({ adapter: createFlashcoreAdapter({ secret: process.env.AUTH_SECRET! }) })
]
}import Discord from '@robojs/auth/providers/discord'
import Google from '@robojs/auth/providers/google'
import EmailPassword from '@robojs/auth/providers/email-password'
import { createFlashcoreAdapter } from '@robojs/auth'
export default {
secret: process.env.AUTH_SECRET,
appName: 'My App',
adapter: createFlashcoreAdapter({ secret: process.env.AUTH_SECRET! }),
providers: [
Discord({ clientId: process.env.DISCORD_ID!, clientSecret: process.env.DISCORD_SECRET! }),
Google({ clientId: process.env.GOOGLE_ID!, clientSecret: process.env.GOOGLE_SECRET! }),
EmailPassword({ adapter: createFlashcoreAdapter({ secret: process.env.AUTH_SECRET! }) })
]
}What you get
- Drop-in Auth.js REST endpoints at
/api/auth/*for providers, sign-in/out, callbacks, sessions, and CSRF. - 80+ OAuth providers including Discord, Google, GitHub, Twitter, and more.
- Built-in email/password authentication with Argon2id hashing, signup flow, password reset, and email verification.
- Two storage adapters: zero-config Flashcore (default) and Prisma for existing databases.
- Typed client helpers for sign-in, sign-out, sessions, and multi-account switching.
- Server utilities for session validation, token extraction, and runtime configuration.
- Upstream proxy mode to share authentication across multiple Robo apps.
- Transactional email system with Resend integration and React Email support.
Import paths
The plugin exports helpers through multiple entry points.
| Entry point | Purpose |
|---|---|
@robojs/auth | Main entry: adapters, config, server helpers, client helpers |
@robojs/auth/client | Client-side helpers: signIn, signOut, getSession, etc. |
@robojs/auth/server | Server-side helpers: getServerSession, getToken, etc. |
@robojs/auth/providers | Auth.js provider re-exports |
@robojs/auth/providers/* | Individual provider imports |
@robojs/auth/emails | Email system: createResendMailer |
@robojs/auth/types | Type re-exports |
Requires @robojs/server (>=0.6.5). Optional peers: @prisma/client, @react-email/components.