Deno
Integrate Aura Auth and Deno's native server
This guide walks you through implementing Aura Auth in the native Deno server with complete support. If you haven't configured Aura Auth yet, start with the Installation Guide and Quick Start Guide to set up your Auth instance and environment variables. Then follow the steps in this guide to integrate Aura Auth with your Deno native application.
Setup Aura Auth
Create auth.ts in src/lib/ to configure Aura Auth and export the shared helpers used by the Deno server.
    import { createAuth } from "npm:@aura-stack/auth"

    export const auth = createAuth({
      oauth: ["github"],
      basePath: "/api/auth",
    })

    export const { handlers, jose, api } = auth

basePath must match the route you expose in Deno.serve. baseURL is optional for local development but should be set to your deployed domain in production.
Mount HTTP Handlers
Define auth routes directly in Deno.serve. Any request matching /api/auth/* is handled by handlers.ALL.
    import { handlers } from "./lib/auth.ts"

    Deno.serve({ port: 3000 }, async (request) => {
      const pathname = new URL(request.url).pathname
      if (pathname.startsWith("/api/auth/")) {
        return await handlers.ALL(request)
      }
      return new Response("Not Found", { status: 404 })
    })

This keeps auth requests isolated from the rest of your application routes.
Auth Request Flow
Deno does not include framework-style middleware, but you can protect routes with a small helper-style handler that validates the current session.
    import { auth, handlers } from "./lib/auth.ts"

    Deno.serve({ port: 3000 }, async (request) => {
      const pathname = new URL(request.url).pathname
      if (pathname.startsWith("/api/auth/")) {
        return await handlers.ALL(request)
      }
      if (pathname === "/api/protected") {
        const session = await auth.api.getSession({
          headers: request.headers,
        })
        if (!session.authenticated) {
          return Response.json({ error: "Unauthorized", message: "Active session required." }, { status: 401 })
        }
        return Response.json({
          message: "You have access to this protected resource.",
          user: session.session.user,
        })
      }
      return new Response("Not Found", { status: 404 })
    })

This pattern works well for small APIs or server-rendered entry points. For larger apps, consider splitting the auth route and protected routes into separate modules.
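The helper-style guard described above, factored into a reusable wrapper that fails closed, as an added example that is not part of the Aura Auth documentation or code base. requireSession, buildRouter, jsonResponse and fakeGetSession are hypothetical names; fakeGetSession is a constructed stand-in for auth.api.getSession that returns only the authenticated and session.user fields used on this page, and its cookie values are made up.

```typescript
// Added example, not Aura Auth's code. SessionResult models only the fields this page uses.
type SessionResult = { authenticated: boolean; session?: { user: unknown } }
type GetSession = (opts: { headers: Headers }) => Promise<SessionResult>
type Guarded = (request: Request, user: unknown) => Response | Promise<Response>
type Route = (request: Request) => Response | Promise<Response>
function jsonResponse(body: unknown, status = 200): Response {
  return new Response(JSON.stringify(body), { status, headers: { "content-type": "application/json" } })
}

// Wrap a handler so it runs only with an authenticated session. Fails closed:
// an error thrown by the session lookup is treated the same as "no session".
function requireSession(getSession: GetSession, handler: Guarded): Route {
  return async (request) => {
    let result: SessionResult
    try {
      result = await getSession({ headers: request.headers })
    } catch {
      result = { authenticated: false }
    }
    if (!result.authenticated || !result.session) {
      return jsonResponse({ error: "Unauthorized", message: "Active session required." }, 401)
    }
    return handler(request, result.session.user)
  }
}

// Exact-match table for protected paths; only /api/auth/* reaches the auth handler.
function buildRouter(getSession: GetSession, authHandler: Route): Route {
  const protectedRoutes = new Map<string, Route>([
    ["/api/protected", requireSession(getSession, (_req, user) => jsonResponse({ user }))],
  ])
  return async (request) => {
    const pathname = new URL(request.url).pathname
    if (pathname.startsWith("/api/auth/")) return authHandler(request)
    const route = protectedRoutes.get(pathname)
    return route ? route(request) : new Response("Not Found", { status: 404 })
  }
}

// Constructed stand-in for auth.api.getSession so the example runs offline.
// The cookie names and values are made up; "boom" simulates a failing lookup.
const fakeGetSession: GetSession = async ({ headers }) => {
  const cookie = headers.get("cookie") ?? ""
  if (cookie.includes("demo=boom")) throw new Error("session store unavailable")
  if (!cookie.includes("demo=valid")) return { authenticated: false }
  return { authenticated: true, session: { user: { name: "demo" } } }
}
// Real server (assumption): Deno.serve({ port: 3000 }, buildRouter((o) => auth.api.getSession(o), handlers.ALL))
const router = buildRouter(fakeGetSession, () => new Response("auth handler"))
```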
Common Pitfalls
- Keep basePath aligned with your route logic. If your auth route is /api/auth/*, basePath should be /api/auth.
- Always pass request headers to auth.api.getSession(). The session lookup needs headers so Aura Auth can read cookies.
- Check session.authenticated before exposing private data. Use the authenticated flag to guard sensitive responses.
- Keep the auth route and protected route separate. That makes the server behavior easier to reason about and debug.