Auth

Set up, configure, and run the Reloop auth microservice locally.

Complete Base Setup First

Ensure you've finished the Setup — before proceeding.

Service Overview

User signup, login, sessions, organizations, and workspace membership via Better Auth.

PropertyValue
Directoryapps/backend/auth
Port8000
Local URLhttps://local.reloop.sh/api/auth
Swagger UIhttps://local.reloop.sh/api/auth/openapi
StackElysiaJS Better Auth PostgreSQL Redis NATS

Quick Start

Run from the monorepo root (requires Docker Postgres + Redis):

bun be:auth:dev

The service starts with hot reloading on port 8000.

Use the unified domain

Access the dashboard at https://local.reloop.sh/dashboard, not localhost:3001. Session cookies are scoped to local.reloop.sh.

Environment Configuration

Variables live in apps/backend/auth/.env. Running bun env:setup from the root auto-populates this file.

# Database & Cache
PG_URL=postgresql://reloop:reloop123@localhost:5432/reloop
REDIS_URL=redis://:reloop123@localhost:6379

# Better Auth
BETTER_AUTH_SECRET=tENkVU4GrhckuRw4Bcfh93EWgXOFcszn
BASE_URL="https://local.reloop.sh"
PORT=8000
NODE_ENV=development

# Event Bus
NATS_URL=nats://localhost:4222

# Local dev helpers
DEFAULT_OTP=888888
DISABLE_SIGNUP=false

# OAuth (optional)
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

Reference Table

VariableRequiredDefaultNotes
PG_URLYESpostgresql://...Shared Postgres from Docker
REDIS_URLYESredis://...Sessions and rate limits
BETTER_AUTH_SECRETYESSession encryption key
BASE_URLYEShttps://local.reloop.shMust match Caddy domain for cookies
PORTYES8000Host port
NATS_URLYESnats://localhost:4222Event bus
DEFAULT_OTPNO888888Dev OTP bypass for first login
DISABLE_SIGNUPNOfalseSet true after creating admin account

Development Commands

All commands run from the monorepo root.

CommandDescription
bun be:auth:devStart dev server with hot reloading
bun run --filter=auth buildCompile production bundle
bun run --filter=auth startRun compiled production build
bun run --filter=auth check-typesTypeScript type-check

Architecture

LayerDetail
SessionsBetter Auth manages login, OAuth, and cookie-based sessions via Redis + Postgres.
Multi-tenancyUsers belong to organizations through the member table (packages/db/src/schema/auth.ts).
EventsAuth lifecycle events published to NATS under auth.*.
First loginUse OTP 888888 locally when DEFAULT_OTP is set.

Was this page helpful?

Edit this page