🔐
Authentication
Add user signup, login, OAuth, and session management to your app without building any auth infrastructure. Redirect users to our hosted login, get a token back.
1Quick start
Create a project in your dashboard, grab your client_id, and add a redirect URI.
2Redirect to hosted login
Send your users to our login page. We handle the UI, email verification, and OAuth providers.
login.tstypescript
const loginUrl = "https://astapa.com/auth/login";
const params = new URLSearchParams({
client_id: "your_client_id",
redirect_uri: "https://yourapp.com/callback",
});
window.location.href = `${loginUrl}?${params}`;3Exchange the code for a token
After login, the user is redirected back with an authorization code. Exchange it server-side for an access token.
callback.tstypescript
const code = searchParams.get("code");
const res = await fetch("https://astapa.com/api/platform/token", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
grant_type: "authorization_code",
code,
client_id: process.env.CLIENT_ID,
client_secret: process.env.CLIENT_SECRET,
redirect_uri: "https://yourapp.com/callback",
}),
});
const { access_token, refresh_token } = await res.json();4Verify the token
The access token is a signed JWT (RS256). Verify it using our JWKS endpoint or decode it directly with the public key.
middleware.tstypescript
import jwt from "jsonwebtoken";
const decoded = jwt.verify(access_token, publicKey, {
algorithms: ["RS256"],
});
// decoded.sub → end user ID
// decoded.email → user email
// decoded.claims → custom claims (plan, role, etc.)