Skip to main content
Docs
Dashboard

auth()

The auth() helper returns the Auth object of the currently active user, as well as the redirectToSignIn() method.

  • Only available for App Router.
  • Only works on the server-side, such as in Server Components, Route Handlers, and Server Actions.
  • Requires clerkMiddleware() to be configured.

auth.protect()

auth includes a single property, the protect() method, which you can use in two ways:

  • to check if a user is authenticated (signed in)
  • to check if a user is authorized (has the correct roles or permissions) to access something, such as a component or a route handler

The following table describes how auth.protect() behaves based on user authentication or authorization status:

AuthenticatedAuthorizedauth.protect() will
YesYesReturn the Auth object.
YesNoReturn a 404 error.
NoNoRedirect the user to the sign-in page*.

Important

For non-document requests, such as API requests, auth.protect() returns a 404 error to users who aren't authenticated.

auth.protect() accepts the following parameters:

  • Name
    role?
    Type
    string
    Description

    The role to check for.

  • Name
    permission?
    Type
    string
    Description

    The permission to check for.

  • Name
    has?
    Type
    (isAuthorizedParams: CheckAuthorizationParamsWithCustomPermissions) => boolean
    Description

    A function that checks if the user has an organization role or custom permission. See the reference for more information.

  • Name
    unauthorizedUrl?
    Type
    string
    Description

    The URL to redirect the user to if they are not authorized.

  • Name
    unauthenticatedUrl?
    Type
    string
    Description

    The URL to redirect the user to if they are not authenticated.

Example

auth.protect() can be used to check if a user is authenticated or authorized to access certain parts of your application or even entire routes. See detailed examples in the dedicated guide.

redirectToSignIn()

The auth() helper returns the redirectToSignIn() method, which you can use to redirect the user to the sign-in page.

redirectToSignIn() accepts the following parameters:

  • Name
    returnBackUrl?
    Type
    string | URL
    Description

    The URL to redirect the user back to after they sign in.

Note

auth() on the server-side can only access redirect URLs defined via environment variables or clerkMiddleware dynamic keys.

Example

The following example shows how to use redirectToSignIn() to redirect the user to the sign-in page if they are not authenticated. It's also common to use redirectToSignIn() in clerkMiddleware() to protect entire routes; see the clerkMiddleware() docs for more information.

app/page.tsx
import { auth } from '@clerk/nextjs/server'

export default async function Page() {
  const { userId, redirectToSignIn } = await auth()

  if (!userId) return redirectToSignIn()

  return <h1>Hello, {userId}</h1>
}

auth() usage

Protect pages and routes

You can use auth() to check if a userId exists. If it's null, then there is not an authenticated (signed in) user. See detailed examples in the dedicated guide.

Check roles and permissions

You can use auth() to check if a user is authorized to access certain parts of your application or even entire routes by checking their roles or permissions. See detailed examples in the dedicated guide.

Data fetching with getToken()

If you need to send a JWT along to a server, getToken() retrieves the current user's session token or a custom JWT template. See detailed examples in the Auth reference.

Feedback

What did you think of this content?
Edit this page on GitHub

Last updated on