JWT Authentication

With Vercel's Edge Middleware we're able to authenticate users before they hit your app.

Authentication is managed with a JWT saved under the user-token cookie.

If you visit /protected if will redirect you here if you aren't authenticated. Click the button below to authenticate and be able to see the page:

API routes are also behind authentication, if the token is missing the route /api/protected will respond with:

{"error":{"message":"authentication required"}}

With proper authentication the response is:


The HTTP status code would be 401 and 200 respectively.