Environment Variables

Complete guide to configuring Aura Auth via environment variables

Aura Auth requires environment variables to store sensitive data related to OAuth credentials, secret keys for signing and encrypting JWTs and CSRF tokens, and salts for key derivation.

All environment variables support multiple naming patterns, which lets Aura Auth load them automatically without setting them directly in the createAuth function. The AURA prefix is optional for environment variables consumed by Aura Auth. For more details, read:

Secure Variables

| Name | Description |
| --- | --- |
| AURA_AUTH_SECRET or AUTH_SECRET | 32-byte secret for JWT signing/encryption |
| AURA_AUTH_SALT or AUTH_SALT | Optional but recommended salt for key derivation used for signing and encrypting JWTs and CSRF tokens |

The AURA_AUTH_SECRET environment variable is overridden by the secret configuration option in the createAuth function. The AURA_AUTH_SALT environment variable, on the other hand, is not overridden by any configuration option, so it is recommended to set it in the environment to provide a secure salt for signing and encrypting JWTs and CSRF tokens.

.env
# Secret
AUTH_SECRET=""
AURA_AUTH_SECRET=""

# Salt
AUTH_SALT=""
AURA_AUTH_SALT=""

OAuth Variables

| Pattern | Description |
| --- | --- |
| AURA_AUTH_{PROVIDER}_CLIENT_ID or AUTH_{PROVIDER}_CLIENT_ID or {PROVIDER}_CLIENT_ID | Client ID obtained from the OAuth app |
| AURA_AUTH_{PROVIDER}_CLIENT_SECRET or AUTH_{PROVIDER}_CLIENT_SECRET or {PROVIDER}_CLIENT_SECRET | Client Secret obtained from the OAuth app |

All of the environment variables that follow the previous patterns are loaded automatically by Aura Auth, so there is no need to set the environment variables in the OAuth provider configuration.

.env
# GitHub OAuth Credentials
GITHUB_CLIENT_ID=""
GITHUB_CLIENT_SECRET=""

# GitHub OAuth Credentials
AURA_GITHUB_CLIENT_ID=""
AURA_GITHUB_CLIENT_SECRET=""

# GitHub OAuth Credentials
AURA_AUTH_GITHUB_CLIENT_ID=""
AURA_AUTH_GITHUB_CLIENT_SECRET=""

Some of the OAuth providers supported by Aura Auth include:

To see all the providers supported by Aura Auth, see OAuth Providers.

.env
# GitHub OAuth Credentials
AURA_AUTH_GITHUB_CLIENT_ID=""
AURA_AUTH_GITHUB_CLIENT_SECRET=""

# GitLab OAuth Credentials
AURA_AUTH_GITLAB_CLIENT_ID=""
AURA_AUTH_GITLAB_CLIENT_SECRET=""

# Spotify OAuth Credentials
AURA_AUTH_SPOTIFY_CLIENT_ID=""
AURA_AUTH_SPOTIFY_CLIENT_SECRET=""

# Bitbucket OAuth Credentials
AURA_AUTH_BITBUCKET_CLIENT_ID=""
AURA_AUTH_BITBUCKET_CLIENT_SECRET=""

Never commit your .env file. Always use a secret manager in production.

Generating AURA_AUTH_SECRET

# Using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"

# Using OpenSSL
openssl rand -base64 32
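
A pre-flight check for the variables described on this page, as an added example that is not part of Aura Auth or its documentation. It assumes the secret was generated with one of the base64 commands above; the function names, the order in which the name patterns are tried, and the sample values are assumptions made for illustration.

```javascript
// Added example, not Aura Auth code. Prefix lists follow the tables and .env
// samples on this page; trying them in this order is an assumption.
const SECURE_PREFIXES = ["AURA_AUTH_", "AUTH_"];
const OAUTH_PREFIXES = ["AURA_AUTH_", "AUTH_", "AURA_", ""];

// First non-empty value among the accepted spellings of a variable.
function resolve(env, prefixes, name) {
  for (const prefix of prefixes) {
    const value = env[prefix + name];
    if (typeof value === "string" && value.trim() !== "") return value;
  }
  return undefined;
}

// Decoded size of a base64 secret (the output format of `openssl rand -base64 32`).
// Returns 0 for anything that is not plain base64.
function secretBytes(value) {
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(value)) return 0;
  return Buffer.from(value, "base64").length;
}

// Returns { errors, warnings } for the given environment and provider names.
function checkEnv(env, providers) {
  const errors = [];
  const warnings = [];
  const secret = resolve(env, SECURE_PREFIXES, "SECRET");
  if (!secret) errors.push("AURA_AUTH_SECRET is missing or empty");
  else if (secretBytes(secret) < 32) errors.push("AURA_AUTH_SECRET is shorter than 32 bytes");
  if (!resolve(env, SECURE_PREFIXES, "SALT")) warnings.push("AURA_AUTH_SALT is not set");
  for (const provider of providers) {
    for (const field of ["CLIENT_ID", "CLIENT_SECRET"]) {
      const name = `${provider}_${field}`;
      if (!resolve(env, OAUTH_PREFIXES, name)) errors.push(`${name} is missing or empty`);
    }
  }
  return { errors, warnings };
}

// Constructed sample: weak secret, no salt, GitHub secret left as "" from the template.
const sampleEnv = {
  AUTH_SECRET: "c2hvcnQ=",
  AURA_AUTH_GITHUB_CLIENT_ID: "constructed-id",
  GITHUB_CLIENT_SECRET: "",
  GITLAB_CLIENT_ID: "constructed-id",
  AUTH_GITLAB_CLIENT_SECRET: "constructed-secret",
};
console.log(checkEnv(sampleEnv, ["GITHUB", "GITLAB"]));
```

Calling `checkEnv(process.env, [...])` at startup and refusing to boot when `errors` is non-empty catches a template `.env` whose values were never filled in.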
