Skip to content

Auth API

The Auth API currently exposes a single endpoint: /auth/user.

On this branch, the endpoint reports the Cloudflare Access identity that @conloca/astro-cms attached to the request after successful JWT validation. If Cloudflare Access is not configured, or the request does not contain a verified user email, the endpoint returns authenticated: false.

All endpoints are relative to the API base URL (default: /__cms/api).


Get Current User

GET /auth/user

Get the currently authenticated user’s information from the validated Cloudflare Access request.

Parameters: None

Response: 200 OK

When authenticated:

{
  authenticated: true;
  user: {
    email: string; // User's email address
    sub: string; // Subject identifier from the auth provider
  }
}

When not authenticated:

{
  authenticated: false;
}

Example:

curl http://localhost:4321/__cms/api/auth/user
{
  "authenticated": true,
  "user": {
    "email": "editor@example.com",
    "sub": "user-123"
  }
}

Current scope

  • Implemented today: request identity passthrough for validated Cloudflare Access requests
  • Not implemented on this branch: role mapping, session cookies, OAuth login flows, API key auth providers