Features
Docs
CLI
Migrations
Benchmarks
Examples

© 2024 MoroJs

Authentication System

Enterprise-grade authentication powered by Better Auth with OAuth, JWT, sessions, RBAC, and native MoroJS integration.

Core Systems

Authentication

Enterprise-grade authentication powered by Better Auth. OAuth, SSO, RBAC, and more. Secure by default, flexible when needed.

Overview

Without proper authentication, your API is vulnerable. With MoroJS, you get enterprise-grade security out of the box.

Traditional auth setup requires multiple libraries, complex configuration, and manual security handling. We handle that automatically.

Add OAuth authentication

typescript

1app.use(auth({
2  providers: [
3    providers.github({
4      clientId: process.env.GITHUB_CLIENT_ID!,
5      clientSecret: process.env.GITHUB_CLIENT_SECRET!,
6    }),
7  ],
8  secret: process.env.AUTH_SECRET,
9}));

Without Proper Auth

  • Manual session management
  • Complex OAuth integration
  • Security vulnerabilities
  • No built-in RBAC

With MoroJS

  • One-line OAuth setup
  • Built-in RBAC system
  • Secure by default
  • Enterprise SSO support

OAuth Ready

GitHub, Google, Discord, Microsoft, LinkedIn, and more. One-line setup.

Enterprise SSO

Okta, Auth0, AWS Cognito integration. Enterprise-ready out of the box.

RBAC Built-in

Role-based access control with permissions. Protect routes easily.

Protect routes with RBAC

typescript

1// Require authentication
2app.get('/profile', requireAuth(), (req, res) => {
3  return { success: true, data: { user: req.auth.user } };
4});
5
6// Require admin role
7app.get('/admin', requireAdmin(), (req, res) => {
8  return { success: true, data: { users: getUserList() } };
9});

How It Works

MoroJS authentication is powered by Better Auth, providing secure OAuth flows, session management, and role-based access control. The authentication middleware automatically handles OAuth callbacks, session creation, and route protection.

Quick Setup

Set up authentication in three steps:

1. Environment Variables

bash

1# Required
2AUTH_SECRET=your-secret-key-here-32-characters-minimum
3GITHUB_CLIENT_ID=your-github-client-id
4GITHUB_CLIENT_SECRET=your-github-client-secret
5
6# Optional
7AUTH_URL=http://localhost:3000

2. Add Authentication Middleware

typescript

1import { createApp } from '@morojs/moro';
2import { auth, providers } from '@morojs/moro/auth';
3
4const app = await createApp();
5
6// Basic OAuth setup
7app.use(auth({
8  providers: [
9    providers.github({
10      clientId: process.env.GITHUB_CLIENT_ID!,
11      clientSecret: process.env.GITHUB_CLIENT_SECRET!,
12    }),
13    providers.google({
14      clientId: process.env.GOOGLE_CLIENT_ID!,
15      clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
16    }),
17  ],
18  secret: process.env.AUTH_SECRET,
19}));
20
21// Protected route
22app.get('/dashboard', (req, res) => {
23  if (!req.auth.isAuthenticated) {
24    return res.status(401).json({ error: 'Unauthorized' });
25  }
26
27  return {
28    success: true,
29    message: 'Welcome to your dashboard',
30    data: { user: req.auth.user }
31  };
32});

3. Protect Routes

typescript

1// Check authentication in route handler
2app.get('/dashboard', (req, res) => {
3  if (!req.auth.isAuthenticated) {
4    return res.status(401).json({
5      success: false,
6      error: 'Unauthorized'
7    });
8  }
9
10  return {
11    success: true,
12    data: { user: req.auth.user }
13  };
14});

Role-Based Access Control

Protect routes with role-based access control. Use built-in helpers or create custom authorization logic.

RBAC Examples

typescript

1import { requireAuth, requireRole, requireAdmin } from '@morojs/moro/auth';
2
3// Require authentication
4app.get('/profile', requireAuth(), (req, res) => {
5  return { success: true, data: { user: req.auth.user } };
6});
7
8// Require specific role
9app.get('/admin', requireRole(['admin']), (req, res) => {
10  return { success: true, data: { message: 'Admin panel' } };
11});
12
13// Require admin role (shorthand)
14app.get('/admin/users', requireAdmin(), (req, res) => {
15  return { success: true, data: { users: getUserList() } };
16});

Available Helpers

  • requireAuth() - Require user to be authenticated
  • requireRole(['admin']) - Require specific role
  • requireAdmin() - Require admin role (shorthand)
  • requireAuth({ authorize }) - Custom authorization logic

Next Steps

Authentication API

Complete API reference for auth middleware and helpers

Enterprise Examples

Real-world examples with RBAC and audit logging