
Auth Module Options

In this document, you'll learn about the options of the Auth Module.

providers

medusa-config.js
const modules = {
  // ...
  auth: {
    resolve: "@medusajs/auth",
    options: {
      providers: [
        {
          name: "emailpass",
          scopes: {
            store: {},
            admin: {},
          },
        },
        {
          name: "google",
          scopes: {
            admin: {
              clientID: process.env.GOOGLE_CLIENT_ID,
              clientSecret: process.env.GOOGLE_CLIENT_SECRET,
              callbackURL: process.env.GOOGLE_CALLBACK_URL,
              successRedirectUrl:
                process.env.GOOGLE_SUCCESS_REDIRECT_URL,
            },
          },
        },
      ],
    },
  },
}

The providers option is an array of objects indicating the auth providers to register, their scopes, and configurations.

Each object accepts the following properties:

  • name: The provider's name, which is set in the auth provider class's PROVIDER attribute. For example, emailpass or google.
  • scopes: An object of scopes. Each key is a scope's name, which in the Medusa application is either admin or store. Each value is an object of configurations for that scope. Each provider accepts different scope configurations, as detailed below.

emailpass Scope Configurations

| Configuration | Description | Required | Default |
|---|---|---|---|
| hashConfig | An object of configurations to use when hashing the user's password. Refer to scrypt-kdf's documentation for accepted options. | No | const hashConfig = { logN: 15, r: 8, p: 1 } |

google Scope Configurations

Prerequisites

Follow this Google documentation to enable Google's APIs and retrieve the necessary credentials.

| Configuration | Description | Required | Default |
|---|---|---|---|
| clientID | A string indicating the Google API Client ID. | Yes | - |
| clientSecret | A string indicating the Google Client Secret. | Yes | - |
| callbackURL | A string indicating the URL to redirect to in your app after the user completes their authentication in Google. The Medusa application provides the API route /auth/[scope]/google/callback that you can use, where [scope] is the scope this config belongs to. For example, /auth/store/google/callback. | Yes | - |
| successRedirectUrl | A string indicating the URL to redirect to in your app after the authentication has been successful. If not provided, the Medusa application's callback route just returns a JSON with the JWT token of the auth user. | No | - |

Environment Variables

Make sure to add the necessary environment variables for the above options in .env:

GOOGLE_CLIENT_ID=<YOUR_GOOGLE_CLIENT_ID>
GOOGLE_CLIENT_SECRET=<YOUR_GOOGLE_CLIENT_SECRET>
GOOGLE_CALLBACK_URL=<YOUR_GOOGLE_CALLBACK_URL>
GOOGLE_SUCCESS_REDIRECT_URL=<YOUR_GOOGLE_SUCCESS_REDIRECT_URL>
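
The following is an added example, not code from the Medusa documentation or the @medusajs/auth package: a startup check that lints the providers array for missing required google options (for instance, an unset environment variable), a callbackURL that targets a different scope's callback route, and an emailpass logN below the default. The helper names validateAuthProviders and checkCallback and the shop.example.com URL are assumptions made for illustration.

```javascript
// Added example: validateAuthProviders is a hypothetical helper, not part of @medusajs/auth.
const GOOGLE_REQUIRED = ["clientID", "clientSecret", "callbackURL"]
const DEFAULT_LOG_N = 15 // default hashConfig.logN listed on this page

function validateAuthProviders(providers) {
  const errors = []
  const warnings = []
  for (const { name, scopes = {} } of providers) {
    for (const [scope, config] of Object.entries(scopes)) {
      const where = `${name}/${scope}`
      if (name === "google") {
        // An unset environment variable arrives here as undefined.
        for (const key of GOOGLE_REQUIRED) {
          if (typeof config[key] !== "string" || config[key] === "") {
            errors.push(`${where}: ${key} is required`)
          }
        }
        checkCallback(where, scope, config.callbackURL, warnings)
      }
      if (name === "emailpass" && config.hashConfig) {
        const { logN } = config.hashConfig
        if (Number.isInteger(logN) && logN < DEFAULT_LOG_N) {
          warnings.push(`${where}: logN ${logN} is below the default ${DEFAULT_LOG_N}`)
        }
      }
    }
  }
  return { errors, warnings }
}

function checkCallback(where, scope, callbackURL, warnings) {
  if (typeof callbackURL !== "string" || callbackURL === "") return // reported above
  let url
  try {
    url = new URL(callbackURL)
  } catch {
    warnings.push(`${where}: callbackURL is not an absolute URL`)
    return
  }
  // The built-in callback route is scope-specific: /auth/[scope]/google/callback
  if (url.pathname !== `/auth/${scope}/google/callback`) {
    warnings.push(`${where}: callbackURL path is not /auth/${scope}/google/callback`)
  }
}

// Constructed sample: admin scope pointing at the store callback, secret unset.
const sample = [{ name: "google", scopes: { admin: { clientID: "id",
  callbackURL: "https://shop.example.com/auth/store/google/callback" } } }]
console.log(validateAuthProviders(sample))
```

Treat entries in errors as a reason to stop startup; entries in warnings are configurations the page allows but that deserve a second look.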

Auth CORS

The Medusa application's authentication API routes are defined under the /auth prefix, which requires the auth_cors configuration to be set. Set that configuration before using these routes.

Refer to Medusa's configuration guide for more details.
