Function Signature

function createAuth(config: AuthConfig): {
  handler: (req: Request) => Response | Promise<Response>
  getSession: (req: Request) => Promise<Session | null>
  $context: AuthContext
}

Parameters

config: AuthConfig (required)
The authentication configuration object. See AuthConfig for detailed field descriptions.

Return Value

The createAuth function returns an object with three properties:

handler: (req: Request) => Response | Promise<Response>
The HTTP request handler for all authentication routes. Pass incoming requests to this handler to process sign-in, sign-up, OAuth, OTP, and session endpoints.

getSession: (req: Request) => Promise<Session | null>
Retrieves the current session from a request. Returns the session object if valid, or null if no valid session exists.

$context: AuthContext
Internal context object containing the database adapter, session manager, config, and plugins. Useful for advanced use cases and debugging.

interface AuthContext {
  adapter: DatabaseAdapter
  sessionManager: SessionManager
  config: AuthConfig
  plugins: Plugin[]
}

Usage Example

import { createAuth } from "@arraf-auth/core"
import { DrizzleAdapter } from "@arraf-auth/adapter-drizzle"
import { db } from "./db"

const auth = createAuth({
  secret: process.env.AUTH_SECRET!,
  database: DrizzleAdapter(db),
  session: {
    strategy: "database",
    expiresIn: "7d",
  },
  providers: [
    // OAuth providers here
  ],
  trustedOrigins: ["http://localhost:3000"],
})

// Use the handler in your framework
export const { handler, getSession } = auth

// Example: Next.js App Router
export async function POST(req: Request) {
  return handler(req)
}

export async function GET(req: Request) {
  return handler(req)
}

// Get session in any route
export async function protectedRoute(req: Request) {
  const session = await getSession(req)
  
  if (!session) {
    return new Response("Unauthorized", { status: 401 })
  }
  
  return new Response(JSON.stringify({ userId: session.userId }))
}

The handler automatically manages all authentication routes including /auth/sign-in, /auth/sign-up, /auth/sign-out, /auth/session, /auth/otp/send, and /auth/otp/verify.

Use the $context property to access internal components for advanced customization or debugging purposes. Its config field is the AuthConfig passed to createAuth, which includes secret, so avoid logging or serializing $context as a whole.
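
A fail-closed way to mount both returned functions behind one entry point, as an added example that is not part of arraf-auth: requests under /auth/ go to handler, and everything else runs only after getSession returns a session. The names createGuardedApp, json, Auth and Protected, the 503 response, and the one-field Session shape are assumptions of this example.

```typescript
// Added example, not arraf-auth code. All names below are hypothetical.
// Session is reduced to the one field the page shows (session.userId).
type Session = { userId: string }
type Auth = {
  handler: (req: Request) => Response | Promise<Response>
  getSession: (req: Request) => Promise<Session | null>
}
type Protected = (req: Request, session: Session) => Response | Promise<Response>

// Prefix shared by the routes the page lists (/auth/sign-in, /auth/otp/verify, ...).
const AUTH_PREFIX = "/auth/"

function json(status: number, body: unknown): Response {
  return new Response(JSON.stringify(body), {
    status,
    // Session-dependent responses must not be stored by shared caches.
    headers: { "content-type": "application/json", "cache-control": "no-store" },
  })
}

// Builds one entry point: auth routes are delegated to `handler`; every other
// path reaches `app` only after getSession() has returned a session.
function createGuardedApp(auth: Auth, app: Protected) {
  return async function serve(req: Request): Promise<Response> {
    // URL parsing resolves dot segments, so /auth/../x is matched as /x.
    const { pathname } = new URL(req.url)
    if (pathname.startsWith(AUTH_PREFIX)) return auth.handler(req)

    let session: Session | null
    try {
      session = await auth.getSession(req)
    } catch {
      // Fail closed: a session lookup error is never treated as "signed in".
      return json(503, { error: "session check unavailable" })
    }
    if (!session) return json(401, { error: "unauthorized" })
    return app(req, session)
  }
}
```

With the page's own setup this would be called as createGuardedApp(auth, yourRoutes), since the object returned by createAuth already has the handler and getSession members the Auth type asks for.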