Auth API
The Auth API currently exposes a single endpoint: /auth/user.
On this branch, the endpoint reports the Cloudflare Access identity that @conloca/astro-cms attached to the request
after successful JWT validation. If Cloudflare Access is not configured, or the request does not contain a verified user
email, the endpoint returns authenticated: false.
All endpoints are relative to the API base URL (default: /__cms/api).
Get Current User
GET /auth/user
Get the currently authenticated user’s information from the validated Cloudflare Access request.
Parameters: None
Response: 200 OK
When authenticated:
{
authenticated: true;
user: {
email: string; // User's email address
sub: string; // Subject identifier from the auth provider
}
}
When not authenticated:
{
authenticated: false;
}
Example:
curl http://localhost:4321/__cms/api/auth/user
{
"authenticated": true,
"user": {
"email": "editor@example.com",
"sub": "user-123"
}
}
Current scope
- Implemented today: request identity passthrough for validated Cloudflare Access requests
- Not implemented on this branch: role mapping, session cookies, OAuth login flows, API key auth providers