Skip to main content
Docs

auth()

The auth() helper returns the Auth object of the currently active user, as well as the redirectToSignIn() method. It includes a single method, protect(), which you can use to check if a user is authenticated or authorized to access certain parts of your application or even entire routes.

  • Only available for App Router.
  • Only works on the server-side, such as in Server Components, Route Handlers, and Server Actions.
  • Requires clerkMiddleware() to be configured.

auth.protect()

auth includes a single property, the protect() method, which you can use in two ways:

  • to check if a user is authenticated (signed in)
  • to check if a user is authorized (has the correct roles or permissions) to access something, such as a component or a route handler

The following table describes how auth.protect() behaves based on user authentication or authorization status:

AuthenticatedAuthorizedauth.protect() will
YesYesReturn the Auth object.
YesNoReturn a 404 error.
NoNoRedirect the user to the sign-in page**.

Important

**For non-document requests, such as API requests, auth.protect() returns a 404 error to users who aren't authenticated.

auth.protect() accepts the following parameters:

  • Name
    role?
    Type
    string
    Description

    The role to check for.

  • Name
    permission?
    Type
    string
    Description

    The permission to check for.

  • Name
    has?
    Type
    (isAuthorizedParams: CheckAuthorizationParamsWithCustomPermissions) => boolean
    Description

    A function that checks if the user has an organization role or custom permission. See the reference for more information.

  • Name
    unauthorizedUrl?
    Type
    string
    Description

    The URL to redirect the user to if they are not authorized.

  • Name
    unauthenticatedUrl?
    Type
    string
    Description

    The URL to redirect the user to if they are not authenticated.

Example

auth.protect() can be used to check if a user is authenticated or authorized to access certain parts of your application or even entire routes. See detailed examples in the guide on verifying if a user is authorized.

Returns

The auth() helper returns the following:

redirectToSignIn()

The auth() helper returns the redirectToSignIn() method, which you can use to redirect the user to the sign-in page.

redirectToSignIn() accepts the following parameters:

  • Name
    returnBackUrl?
    Type
    string | URL
    Description

    The URL to redirect the user back to after they sign in.

Note

auth() on the server-side can only access redirect URLs defined via environment variables or clerkMiddleware dynamic keys.

Example

The following example shows how to use redirectToSignIn() to redirect the user to the sign-in page if they are not authenticated. It's also common to use redirectToSignIn() in clerkMiddleware() to protect entire routes; see the clerkMiddleware() docs for more information.

app/page.tsx
import { auth } from '@clerk/nextjs/server'

export default async function Page() {
  const { userId, redirectToSignIn } = await auth()

  if (!userId) return redirectToSignIn()

  return <h1>Hello, {userId}</h1>
}

auth() usage

Protect pages and routes

You can use auth() to check if a userId exists. If it's null, then there is not an authenticated (signed in) user. See detailed examples in the dedicated guide.

Check if a user is authorized

You can use auth() to check if a user is authorized to access certain parts of your application or even entire routes by checking their type of access control. See detailed examples in the guide on verifying if a user is authorized.

Data fetching with getToken()

If you need to send a JWT along to a server, getToken() retrieves the current user's session token or a custom JWT template. See detailed examples in the Auth object reference.

Feedback

What did you think of this content?
GitHubEdit on GitHub

Last updated on