getAuth()

The getAuth() helper retrieves the current user's authentication state from the request object. It returns the Auth object. See the for more examples on how to use the returned Auth object.

getAuth() options

- Name: request
  Description: The request object.

- Name: opts?
  Type: { acceptsToken: TokenType, treatPendingAsSignedOut: boolean }
  Description: An optional object that can be used to configure the behavior of the getAuth() function. It accepts the following properties:

  - acceptsToken?: The type of authentication token(s) to accept. Valid values are:
    - 'session_token' - authenticates a user session.
    - 'oauth_token' - authenticates a machine request using OAuth.
    - 'm2m_token' - authenticates a machine to machine request.
    - 'api_key' - authenticates a machine request using API keys.

    Can be set to:
    - A single token type.
    - An array of token types.
    - 'any' to accept all available token types.

    Defaults to 'session_token'.

  - treatPendingAsSignedOut?: A boolean that indicates whether to treat pending sessions as signed out. Defaults to true.

Example: Use getAuth() to retrieve the userId

The following example uses getAuth() to protect a route and load the user's data. If the user is authenticated, their userId is passed to clerkClient.users.getUser() to get the current user's User object. If not authenticated, the request is rejected with a 401 status code.

    // dotenv must be imported before @clerk/fastify
    import 'dotenv/config'
    import Fastify from 'fastify'
    import { clerkClient, clerkPlugin, getAuth } from '@clerk/fastify'

    const fastify = Fastify({ logger: true })

    fastify.register(clerkPlugin)

    // Use `getAuth()` to protect this route
    fastify.get('/protected', async (request, reply) => {
      try {
        // Use `getAuth()` to access `isAuthenticated` and the user's ID
        const { isAuthenticated, userId } = getAuth(request)

        // If user isn't authenticated, return a 401 error
        if (!isAuthenticated) {
          return reply.code(401).send({ error: 'User not authenticated' })
        }

        // Use `clerkClient` to access Clerk's JS Backend SDK methods
        // and get the user's User object
        const user = await clerkClient.users.getUser(userId)

        return reply.send({
          message: 'User retrieved successfully',
          user,
        })
      } catch (error) {
        fastify.log.error(error)
        return reply.code(500).send({ error: 'Failed to retrieve user' })
      }
    })

    const start = async () => {
      try {
        await fastify.listen({ port: 8080 })
      } catch (error) {
        fastify.log.error(error)
        process.exit(1)
      }
    }

    start()

For examples on how to use getAuth() to perform authorization checks, see the dedicated guide.

Example: Protect a route based on token type

The following example uses getAuth() to protect the route based on token type:

- It accepts any token type (acceptsToken: 'any') from the request.
- If the token is a session_token, it logs that the request is from a user session.
- Otherwise, it logs that the request uses a machine token and specifies its type.

    import Fastify from 'fastify'
    import { clerkPlugin, getAuth } from '@clerk/fastify'

    const fastify = Fastify()

    // `getAuth()` needs `clerkPlugin` to be registered, as in the previous example
    fastify.register(clerkPlugin)

    fastify.get('/path', (request, reply) => {
      // Use `getAuth()` to protect a route based on token type
      const authObject = getAuth(request, { acceptsToken: 'any' })

      if (authObject.tokenType === 'session_token') {
        console.log('This is a session token from a user')
      } else {
        console.log(`This is a ${authObject.tokenType} token`)
      }

      // Send a response so the request does not hang
      return reply.send()
    })
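
The token-type example above only logs what it receives. The following added example (not from the Clerk documentation) shows one way to turn the object returned by getAuth(request, { acceptsToken: 'any' }) into a per-route allow/deny decision that fails closed. The decideAccess helper, the 401/403 mapping and the sample objects are assumptions made for illustration; only isAuthenticated, userId and tokenType are read.

```javascript
// Added example, not Clerk code. Token type names are the ones listed on this page.
const KNOWN_TOKEN_TYPES = new Set(['session_token', 'oauth_token', 'm2m_token', 'api_key'])

// Hypothetical helper: map an Auth-like object to an access decision for one route.
// Reads only isAuthenticated, userId and tokenType.
function decideAccess(authObject, allowedTokenTypes) {
  const allowed = new Set(allowedTokenTypes)
  for (const type of allowed) {
    // A typo in the route policy must fail loudly, not silently deny or allow.
    if (!KNOWN_TOKEN_TYPES.has(type)) throw new TypeError(`Unknown token type: ${type}`)
  }
  // Fail closed: a missing object or anything other than `true` is a 401.
  if (!authObject || authObject.isAuthenticated !== true) {
    return { status: 401, error: 'Not authenticated' }
  }
  // Authenticated, but with a token type this route does not serve (assumed 403).
  if (!allowed.has(authObject.tokenType)) {
    return { status: 403, error: 'Token type not allowed for this route' }
  }
  if (authObject.tokenType === 'session_token') {
    // Only a session token stands for a signed-in user, so a userId is required.
    if (!authObject.userId) return { status: 401, error: 'Session without userId' }
    return { status: 200, principal: 'user', userId: authObject.userId }
  }
  // Machine tokens are never treated as a user, even if a userId field is present.
  return { status: 200, principal: 'machine', tokenType: authObject.tokenType }
}

// Constructed sample objects standing in for what getAuth() might return.
const SAMPLES = {
  user: { isAuthenticated: true, tokenType: 'session_token', userId: 'user_example123' },
  apiKey: { isAuthenticated: true, tokenType: 'api_key', userId: null },
  signedOut: { isAuthenticated: false, tokenType: 'session_token', userId: null },
}

// A route that serves signed-in users and API keys, but not OAuth or M2M tokens.
function runSamples() {
  const policy = ['session_token', 'api_key']
  const entries = Object.entries(SAMPLES).map(([name, auth]) => [name, decideAccess(auth, policy)])
  return Object.fromEntries(entries)
}

console.log(runSamples())
```

In a Fastify handler, the returned status would feed reply.code(...) before any user or machine-specific logic runs.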