The Tin Auth Proxy Server handles Clerk session authentication and proxies to an upstream application.
I didn't want to build Clerk into an OSS application I was working on but rather bolt it on. That way others could use the application with their own authentication.
- Checks, verifies and decodes the __session passed from the browser cookie for Clerk.
- Passes through the X-Forwarded-User to the upstream application.
- Separates Clerk session handling from the upstream application.
- The upstream service should not be accessible from the internet except by the proxy server.
- Does not handle token authentication.
- Does not handle authorisation or roles.
- Does not handle organisations currently.
- A Clerk account
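
What the checks listed above amount to, as an added example (not code from the tin.auth.proxy repository): it verifies an RS256 __session token against a JWKS, such as the one served at JWK_URL, and overwrites any client-supplied X-Forwarded-User before forwarding. The key pair, token and `demo-key` id are constructed inline, and forwarding the `sub` claim with lowercase Node-style header names is an assumption about what the proxy sends upstream.

```javascript
// Added example with a constructed key pair and tokens; not the proxy's own code.
const crypto = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');

// Verify an RS256 session JWT against a JWKS; return its claims, or null on any failure.
function verifySession(token, jwks, now = Math.floor(Date.now() / 1000)) {
  const parts = (token || '').split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return null; }
  if (header?.alg !== 'RS256' || !claims) return null; // pin the algorithm, never read it as a choice
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) return null;
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
    crypto.createPublicKey({ key: jwk, format: 'jwk' }), Buffer.from(parts[2], 'base64url'));
  if (!ok) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null; // expired or no expiry
  if (typeof claims.nbf === 'number' && claims.nbf > now) return null;  // not yet valid
  return typeof claims.sub === 'string' && claims.sub ? claims : null;
}

// Build the upstream headers: drop any client-sent X-Forwarded-User, set it from the verified token.
function upstreamHeaders(incoming, jwks, now) {
  const m = (incoming.cookie || '').match(/(?:^|;\s*)__session=([^;]+)/);
  const claims = m ? verifySession(m[1], jwks, now) : null;
  if (!claims) return null; // caller sends the browser to AUTH_FE_URL instead of proxying
  const out = {};
  for (const [k, v] of Object.entries(incoming)) {
    if (k.toLowerCase() !== 'x-forwarded-user') out[k] = v;
  }
  out['x-forwarded-user'] = claims.sub; // assumption: the user id claim is what goes upstream
  return out;
}

// Constructed demo key set and signer, standing in for Clerk and its JWKS endpoint.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoJwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key', alg: 'RS256' }] };
function signDemo(claims, header = { alg: 'RS256', kid: 'demo-key', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
}
```

Because the upstream application trusts X-Forwarded-User without re-checking it, the overwrite only protects it while the upstream is reachable solely through the proxy.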
Install the auth UI.
git clone git@github.com:gemmadlou/tin.auth.ui.git
cd tin.auth.ui
Set up the VITE_CLERK_PUBLISHABLE_KEY.
You can get your Publishable key from the Clerk dashboard.
echo VITE_CLERK_PUBLISHABLE_KEY=... > .env
Start the server.
yarn dev
Outside of the auth UI project, clone the tin proxy.
git clone git@github.com:gemmadlou/tin.auth.proxy.git
cd tin.auth.proxy
Add your Clerk JWK to the .env file.
You can get your JWK JSON URL from Clerk.
echo JWK_URL=https://clerk.xxxxxxxxxxxxxx.dev/.well-known/jwks.json > .env
Add your Auth UI URL to the .env
echo AUTH_FE_URL=http://localhost:5173/ >> .env
Add your upstream app to the .env
echo PROXY_TARGET_URL=http://localhost:3001/ >> .env
Start the proxy server.
yarn dev
Add a logout button to your application.
It must go to /session.
<a href="/session">
Log out
</a>
Look at the Nitro documentation to learn more.
Make sure to install the dependencies:
yarn install
Start the development server on http://localhost:3000
yarn dev
Build the application for production:
yarn build
Locally preview production build:
yarn preview
Check out the deployment documentation for more information.