auth()
The auth() helper returns the Auth object of the currently active user, as well as the redirectToSignIn() method.
- Only available for App Router.
- Only works on the server-side, such as in Server Components, Route Handlers, and Server Actions.
- Requires
clerkMiddleware()to be configured.
auth.protect()
auth includes a single property, the protect() method, which you can use in two ways:
- to check if a user is authenticated (signed in)
- to check if a user is authorized (has the correct roles or permissions) to access something, such as a component or a route handler
The following table describes how auth.protect() behaves based on user authentication or authorization status:
| Authenticated | Authorized | auth.protect() will |
|---|---|---|
| Yes | Yes | Return the Auth object. |
| Yes | No | Return a 404 error. |
| No | No | Redirect the user to the sign-in page*. |
auth.protect() accepts the following parameters:
- Name
role?- Type
string- Description
The role to check for.
- Name
permission?- Type
string- Description
The permission to check for.
- Name
has?- Type
(isAuthorizedParams: CheckAuthorizationParamsWithCustomPermissions) => boolean- Description
A function that checks if the user has an organization role or custom permission. See the reference for more information.
- Name
unauthorizedUrl?- Type
string- Description
The URL to redirect the user to if they are not authorized.
- Name
unauthenticatedUrl?- Type
string- Description
The URL to redirect the user to if they are not authenticated.
Examples
auth.protect() can be used to check if a user is authenticated or authorized to access certain parts of your application or even entire routes. See detailed examples in the dedicated guide.
redirectToSignIn()
The auth() helper returns the redirectToSignIn() method, which you can use to redirect the user to the sign-in page.
redirectToSignIn() accepts the following parameters:
- Name
returnBackUrl?- Type
string | URL- Description
The URL to redirect the user back to after they sign in.
Example
The following example shows how to use redirectToSignIn() to redirect the user to the sign-in page if they are not authenticated. It's also common to use redirectToSignIn() in clerkMiddleware() to protect entire routes; see the clerkMiddleware() docs for more information.
import { auth } from '@clerk/nextjs/server'
export default async function Page() {
const { userId, redirectToSignIn } = await auth()
if (!userId) return redirectToSignIn()
return <h1>Hello, {userId}</h1>
}Use auth() to protect pages
You can use auth() to check if a userId exists. If it does not, that means there is no user signed in. You can use this information to protect pages, as shown in the following example:
import { auth } from '@clerk/nextjs/server'
export default async function Page() {
const { userId }: { userId: string | null } = await auth()
if (!userId) return null
return <h1>Hello, {userId}</h1>
}Use auth() in API routes
See detailed examples in the dedicated guide.
Use auth() to check roles and permissions
You can use auth() to check if a user is authorized to access certain parts of your application or even entire routes. See detailed examples in the dedicated guide.
Use auth() for data fetching
When using a Clerk integration, or if you need to send a JWT along to a server, you can use the getToken() function that is returned by auth().
import { auth } from '@clerk/nextjs/server'
export async function GET() {
const { userId, getToken } = await auth()
if (!userId) {
return new Response('User is not signed in.', { status: 401 })
}
try {
const token = await getToken({ template: 'supabase' })
// Add logic here to fetch data from Supabase and return it.
const data = { supabaseData: 'Hello World' }
return Response.json({ data })
} catch (error) {
return Response.json(error)
}
}Feedback
Last updated on