Authentication
Zero uses a JWT-based flow to authenticate connections to zero-cache.
In order to validate JWTs, zero-cache must be configured with a ZERO_JWT_SECRET environment variable. During login, your API server encodes the userID and any other useful information into a JWT and signs it with this same secret.
The JWT for a user should be sent to your web client and then passed into the Zero constructor using the auth option.
const zero = new Zero({
  // ... other options
  auth: token, // your JWT
  userID, // this must match the `sub` field from `token`
});
The zero instance will send the JWT to zero-cache on connect. Zero-cache verifies and decodes the JWT to use as an input to permission rules.
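The following is an added example, not code from the Zero project: it shows the login-side signing described above and the checks a verifier holding the same secret performs, using only Node's built-in crypto. It assumes HS256 as the signing algorithm and a one-hour lifetime; `mintToken`, `verifyToken`, `loginResponse` and the sample secret are hypothetical names and constructed values.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// Constructed sample value; in a deployment this is the ZERO_JWT_SECRET shared
// by your API server and zero-cache, and it never reaches the web client.
const SECRET = "constructed-sample-secret-not-for-production";

const b64url = (input) => Buffer.from(input).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));
const hmac = (data, secret) => createHmac("sha256", secret).update(data).digest();
const nowSeconds = () => Math.floor(Date.now() / 1000);

// Login side (API server): put the user ID in `sub` and sign (HS256 assumed).
function mintToken(userID, secret, ttlSeconds = 3600, now = nowSeconds()) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub: userID, iat: now, exp: now + ttlSeconds }));
  const signature = hmac(`${header}.${payload}`, secret).toString("base64url");
  return `${header}.${payload}.${signature}`;
}

// Verifier side: returns the decoded claims, or throws.
function verifyToken(token, secret, now = nowSeconds()) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [header, payload, signature] = parts;
  // Pin the algorithm instead of trusting the `alg` the token declares.
  if (fromB64url(header).alg !== "HS256") throw new Error("unexpected alg");
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, "base64url");
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = fromB64url(payload);
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Builds the login response for the web client. Taking userID from the verified
// `sub` claim keeps the two values passed to `new Zero({auth, userID})` in sync.
function loginResponse(userID, secret) {
  const token = mintToken(userID, secret);
  return { token, userID: verifyToken(token, secret).sub };
}
```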
Examples
See zbugs or hello-zero.