The feathers generate authentication command sets up authentication in your application. This includes creating a user service, configuring authentication strategies, and setting up OAuth providers if needed.

Usage

feathers generate authentication
Alias: feathers g authentication

Interactive Prompts

When you run this command, you’ll be prompted for:

Authentication Strategies

authStrategies
string[]
required
The authentication methods to enable in your application.
Choices (multiple selection):
  • local - Email + Password (checked by default)
  • google - Google OAuth
  • facebook - Facebook OAuth
  • twitter - Twitter OAuth
  • github - GitHub OAuth
  • auth0 - Auth0 OAuth
You can select multiple strategies. Additional providers can be added later.

User Service Configuration

If you select local (Email + Password) authentication:
service
string
The name for the user service. Default: users
path
string
The API path for the user service. Default: Same as service name (e.g., /users)
schema
string
Schema validation library. Choices:
  • typebox - TypeBox (recommended)
  • json - JSON Schema

What Gets Generated

Running this command will:
1. Install authentication packages

Installs required authentication packages:
npm install @feathersjs/authentication @feathersjs/authentication-local
For OAuth strategies, also installs:
npm install @feathersjs/authentication-oauth
2. Create user service

Generates a complete user service with:
  • Service class (src/services/users/users.class.ts)
  • Schema definitions with password hashing (src/services/users/users.schema.ts)
  • Service registration (src/services/users/users.ts)
  • Shared types (src/services/users/users.shared.ts)
3. Configure authentication

Creates src/authentication.ts with:
  • JWT strategy configuration
  • Local strategy setup (if selected)
  • OAuth strategy setup (if selected)
4. Update configuration files

Adds authentication configuration to:
  • config/default.json - JWT secret, authentication settings
  • config/production.json - Production-specific settings
For OAuth strategies, adds provider client IDs and secrets.
5. Register authentication

Updates src/app.ts to configure authentication services and hooks
6. Update client types

Updates src/client.ts with authentication client configuration

Generated Files Example

User Service Schema

src/services/users/users.schema.ts
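import { resolve } from '@feathersjs/schema'
import { Type } from '@feathersjs/typebox'
import type { Static } from '@feathersjs/typebox'
import { passwordHash } from '@feathersjs/authentication-local'
import type { HookContext } from '../../declarations'

// Shape of a user record; email is declared with the 'email' format
export const userSchema = Type.Object({
  id: Type.Number(),
  email: Type.String({ format: 'email' }),
  password: Type.Optional(Type.String())
})
export type User = Static<typeof userSchema>

// Replace the plain-text password with its hash, using the 'local' strategy's settings
export const userResolver = resolve<User, HookContext>({
  properties: {
    password: passwordHash({ strategy: 'local' })
  }
})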

Authentication Configuration

src/authentication.ts
import { AuthenticationService, JWTStrategy } from '@feathersjs/authentication'
import { LocalStrategy } from '@feathersjs/authentication-local'
import { oauth, OAuthStrategy } from '@feathersjs/authentication-oauth'
import type { Application } from './declarations'

export const authentication = (app: Application) => {
  const authentication = new AuthenticationService(app)

  authentication.register('jwt', new JWTStrategy())
  authentication.register('local', new LocalStrategy())
  authentication.register('google', new OAuthStrategy())

  app.use('authentication', authentication)
  app.configure(oauth())
}

Configuration

config/default.json
{
  "authentication": {
    "entity": "user",
    "service": "users",
    "secret": "supersecret",
    "authStrategies": ["jwt", "local"],
    "jwtOptions": {
      "header": { "typ": "access" },
      "audience": "https://yourdomain.com",
      "algorithm": "HS256",
      "expiresIn": "1d"
    },
    "local": {
      "usernameField": "email",
      "passwordField": "password"
    },
    "oauth": {
      "redirect": "/",
      "google": {
        "key": "<google oauth client id>",
        "secret": "<google oauth client secret>"
      }
    }
  }
}

OAuth Setup

If you selected OAuth providers, you’ll need to:
1. Create OAuth application

Register your application with the OAuth provider (Google, GitHub, etc.) to get client credentials
2. Configure redirect URLs

Set the OAuth callback URL to: http://localhost:3030/oauth/{provider}/callback
For production, use your actual domain.
3. Add credentials to configuration

Update config/default.json with your OAuth client ID and secret:
{
  "authentication": {
    "oauth": {
      "google": {
        "key": "your-client-id",
        "secret": "your-client-secret"
      }
    }
  }
}
4. Use environment variables in production

config/production.json
{
  "authentication": {
    "oauth": {
      "google": {
        "key": "$GOOGLE_CLIENT_ID",
        "secret": "$GOOGLE_CLIENT_SECRET"
      }
    }
  }
}
Never commit OAuth secrets to version control. Always use environment variables for sensitive credentials.
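
A check that can run over each config file before it is committed, as an added example that is not part of the Feathers documentation or the generator's output. The helper names (classify, auditAuthConfig), the placeholder list and the 32-character minimum are assumptions of this example; the "$NAME" form is the one shown in config/production.json above.

```javascript
// Added example: static checks over the "authentication" block of a Feathers config file.
// The placeholder list and the 32-character minimum are assumptions of this example.
const PLACEHOLDER_SECRETS = ['supersecret', 'secret', 'changeme']
const PLACEHOLDER_AUDIENCE = 'https://yourdomain.com'

// 'env' = "$NAME" reference as in config/production.json, 'template' = "<...>" left
// unfilled, 'literal' = a real value written into the file, 'absent' = not set here.
function classify(value) {
  if (typeof value !== 'string' || value === '') return 'absent'
  if (/^\$[A-Z_][A-Z0-9_]*$/.test(value)) return 'env'
  if (/^<.*>$/.test(value)) return 'template'
  return 'literal'
}

// Returns "path: issue" strings for one parsed config file (hypothetical helper).
function auditAuthConfig(config) {
  const findings = []
  const auth = (config && config.authentication) || {}

  // HS256 is symmetric: the same secret signs and verifies every access token.
  if (classify(auth.secret) === 'literal') {
    const weak = PLACEHOLDER_SECRETS.includes(auth.secret.toLowerCase()) || auth.secret.length < 32
    findings.push('authentication.secret: ' + (weak ? 'placeholder or short literal' : 'literal value in a config file'))
  }

  if (auth.jwtOptions && auth.jwtOptions.audience === PLACEHOLDER_AUDIENCE) {
    findings.push('authentication.jwtOptions.audience: still the placeholder domain')
  }

  // Object entries under "oauth" are providers; "redirect" is a plain string and is skipped.
  for (const [provider, settings] of Object.entries(auth.oauth || {})) {
    if (settings === null || typeof settings !== 'object') continue
    const kind = classify(settings.secret)
    const path = `authentication.oauth.${provider}.secret`
    if (kind === 'literal') findings.push(`${path}: literal value in a config file`)
    if (kind === 'template') findings.push(`${path}: template not filled in`)
  }
  return findings
}

// Constructed samples mirroring the JSON shown on this page.
const defaultJson = { authentication: {
  secret: 'supersecret',
  jwtOptions: { audience: 'https://yourdomain.com', algorithm: 'HS256', expiresIn: '1d' },
  oauth: { redirect: '/', google: { key: '<google oauth client id>', secret: '<google oauth client secret>' } }
} }
const productionJson = { authentication: { oauth: { google: { key: '$GOOGLE_CLIENT_ID', secret: '$GOOGLE_CLIENT_SECRET' } } } }
console.log(auditAuthConfig(defaultJson))
console.log(auditAuthConfig(productionJson))
```

Settings that are absent from a file are not reported, since config/production.json only overrides part of config/default.json.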

Testing Authentication

After generation, you can test authentication:
# Create a user (user@example.com is a placeholder address)
curl -X POST http://localhost:3030/users \
  -H "Content-Type: application/json" \
  -d '{"email":"user@example.com","password":"secret"}'

# Login
curl -X POST http://localhost:3030/authentication \
  -H "Content-Type: application/json" \
  -d '{"strategy":"local","email":"user@example.com","password":"secret"}'

Next Steps

Authentication Guide

Learn how to use authentication in your app

JWT Configuration

Configure JWT tokens and strategies

OAuth Setup

Set up OAuth providers

Local Strategy

Configure email/password authentication
