Issues with using `requireAuth` in a serverless function

From reading the docs, using auth in a serverless function seems pretty straightforward.
In my fetch request, I just set the headers with the auth-provider and authorization values as per the docs.

fetch(url, {
  method: 'POST',
  body: {},
  headers: new Headers({
    'auth-provider': 'auth0',
    authorization: `Bearer ${await getToken()}`, // getToken from useAuth
  }),
})

For some reason, this results in an Authentication Error in requireAuth:

export const requireAuth = ({ role } = {}) => {
  if (!context.currentUser) {
    throw new AuthenticationError("You don't have permission to do that.")
  }
}

Are the docs outdated? Or am I just reading them wrong? I also tried setting the auth-provider to jwt but that didn’t work either.

I’d appreciate it if anyone has dealt with auth in a serverless function before and could help out.

Hi @davidli3100 are you referring to these docs:

If so, I wrote these … and now I wonder if I forgot something in the example.

The requireAuth needs the currentUser to be added to the global context – and it isn’t yet.

Let me have a look and get back to you – and correct the docs if needed.

Yeah those were the docs I used. Thanks for looking into this!

@davidli3100 Yes, looks like I need to update these examples with something that will actually set the user info on the context.

You should be able to look here: redwood/index.ts at main · redwoodjs/redwood · GitHub

And use getAuthenticationContext from @redwoodjs/api and then

import { context } from '@redwoodjs/api'

and maybe set context.currentUser = to the result of getAuthenticationContext such as “decoded”. That is, the first value in the array that is returned [decoded, { type, schema, token }, { event, context }]

Or something very close to that.

Would you mind adding an issue here:

And I can assign it to myself as a task so I do not lose track.


@davidli3100 I have added an issue here:

Now that I think about it, I would probably create a new function in lib/auth.ts that accepts the:

  • event
  • context
  • roles

and call it canInvokeFunction() (or something like that) and this function would:

  • import getAuthenticationContext from @redwoodjs/api
  • import getCurrentUser from /src/lib/auth
  • call getCurrentUser with the first return value (ie, the decoded token) from getAuthenticationContext
  • then invoke requireAuth with the roles
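
The helper outlined in the last post, sketched as an added example (not code from the Redwood project or from anyone in the thread). So that it runs offline, `getAuthenticationContext`, `getCurrentUser`, the token table, `ForbiddenError` and `handler` are constructed stand-ins, and no real token verification is shown. The parameter is named `role` to match the posted `requireAuth` signature.

```javascript
// Stand-ins so this runs offline. The thread takes context and
// getAuthenticationContext from '@redwoodjs/api' and getCurrentUser from
// src/lib/auth; the versions below are constructed for illustration.
class AuthenticationError extends Error {}
class ForbiddenError extends Error {} // hypothetical, for the role check
const context = {}
// Constructed token table; the real helper verifies the provider's token.
const TOKENS = new Map([
  ['tok-admin', { sub: 'auth0|1', roles: ['admin'] }],
  ['tok-user', { sub: 'auth0|2', roles: [] }],
])
const getAuthenticationContext = async ({ event, context: lambdaCtx }) => {
  const h = event.headers || {}
  const [scheme, token] = (h.authorization || '').split(' ')
  if (!h['auth-provider'] || scheme !== 'Bearer') return undefined
  const decoded = TOKENS.get(token) || null
  return [decoded, { type: h['auth-provider'], token }, { event, context: lambdaCtx }]
}
const getCurrentUser = async (decoded) =>
  decoded ? { id: decoded.sub, roles: decoded.roles } : null
const requireAuth = ({ role } = {}) => {
  if (!context.currentUser) {
    throw new AuthenticationError("You don't have permission to do that.")
  }
  if (role && !context.currentUser.roles.includes(role)) {
    throw new ForbiddenError("You don't have access to do that.")
  }
}

// The helper proposed in the thread: set context.currentUser, then check it.
const canInvokeFunction = async (event, lambdaCtx, role) => {
  context.currentUser = null // fail closed: drop any user from an earlier call
  const authContext = await getAuthenticationContext({ event, context: lambdaCtx })
  context.currentUser = await getCurrentUser(authContext ? authContext[0] : null)
  requireAuth({ role })
  return context.currentUser
}

// Function handler: only callers with the 'admin' role get a 200.
const handler = async (event, lambdaCtx) => {
  try {
    const user = await canInvokeFunction(event, lambdaCtx, 'admin')
    return { statusCode: 200, body: JSON.stringify({ id: user.id }) }
  } catch (e) {
    if (e instanceof AuthenticationError) return { statusCode: 401, body: e.message }
    if (e instanceof ForbiddenError) return { statusCode: 403, body: e.message }
    throw e
  }
}
```

Resetting `context.currentUser` before each lookup means a request with missing or unknown credentials is rejected even when it follows a successful call.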