Packages@robojs/auth
AuthPluginOptions
Interface: AuthPluginOptions
Configuration options for the @robojs/auth plugin.
Refer to the plugin README for a comprehensive table of options and defaults. The CLI applies sane defaults; most fields are optional.
Notable defaults:
basePath: "/api/auth"session.maxAge: 2592000 (30 days)session.updateAge: 86400 (24 hours)session.strategy: 'database' when an adapter is present, otherwise 'jwt'
Security notes:
allowDangerousEmailAccountLinkingshould remainfalseunless all OAuth providers are fully trusted.
Properties
| Property | Type | Description |
|---|---|---|
adapter? | unknown | Storage adapter for users, sessions, and accounts. Example createFlashcoreAdapter({ secret: process.env.AUTH_SECRET! }) |
allowDangerousEmailAccountLinking? | boolean | ⚠️ Security: automatically link accounts by email across OAuth providers. Only enable if you fully trust every provider to verify email ownership. Default false |
appName? | string | Display name for the application. Used in emails and default UI strings. Default "Robo.js" Example "My Awesome App" |
basePath? | string | Base path for all auth routes. Default "/api/auth" Examples "/api/auth" "/auth" |
callbacks? | {} | Auth.js callback hooks. |
cookies? | CookiesOptions | Cookie overrides for Auth.js cookies. |
debug? | boolean | Enable verbose Auth.js debug logging. Default false |
email? | { deliver: (...args) => any; expiresInMinutes: number; from: string; sendVerificationRequest: (...args) => any; subject: string | (...args) => any; template: string | (...args) => any; text: string | (...args) => any; } | Legacy email configuration (prefer the richer emails object). |
email.deliver? | (...args: [any, ...unknown[]]) => any | - |
email.expiresInMinutes? | number | - |
email.from? | string | Sender email address (prefer emails.from). |
email.sendVerificationRequest? | (...args: [any, ...unknown[]]) => any | Custom delivery function (prefer emails.mailer). |
email.subject? | string | (...args) => any | - |
email.template? | string | (...args) => any | HTML template string or function (prefer emails.templates). |
email.text? | string | (...args) => any | - |
emails? | EmailsOptions | Email system configuration: mailer, templates, and triggers. |
events? | {} | Auth.js event handlers. |
pages? | PagesOptions | Custom UI page paths for Auth.js built‑in routes. |
providers? | Provider[] | Array of authentication providers (OAuth, email, credentials). Default [] |
redirectProxyUrl? | string | Proxy URL used on preview deployments to build correct redirects. |
secret? | string | Secret for JWT signing and token hashing. ⚠️ Security: Required in production. Reads from AUTH_SECRET or NEXTAUTH_SECRET. Example process.env.AUTH_SECRET |
session? | SessionOptions | Session strategy and timing controls. Default strategy: adapter ? 'database' : 'jwt', maxAge: 2592000, updateAge: 86400 |
upstream? | UpstreamOptions | Forward all auth routes to another Robo instance. Default cookieName: "authjs.session-token"; sessionStrategy falls back to local strategy when omitted |
url? | string | Canonical app URL used by Auth.js in redirects. |