Skip to main content


Hyperstack comes with authentication, and aims to provide the same plug-in authentication experience as Devise did for Rails.

To narrow down the scope, Hyperstack offers authentication with JWT. This means clients authenticate, and gets back a JWT token, to use as a Bearer token in following requests.

For that, we have a few components:

  • JWT logic, verfication, and encryption
  • Middleware to verify and authenticate a user with a Bearer token
  • currentUser infra to identify, authenticate, and load a current user into the current authenticated request for convenience
  • A generic User model, Auth controller, and Auth mailer for login, registration, reset password, and more.

While you get these things out of the box, it's nice to see how things work behind the scenes. Down below is a list out of a few of the infrastructure pieces in play.

Using the JWT initializer

import jwt from '@hyperstackjs/initializer-jwt'

export default jwt(context => async (payload) => {
const { User } = context.models()
const user = await User.findOne({ where: { username: payload.sub } })
if (!user) {
return null
return { user }


You get decorators that will stop unauthenticated requests, and if a request is authenticated, you'll find the current authenticated user in req.user.

import { getProps } from '@hyperstackjs/initializer-jwt'
const { MustAuthRouteWithJWT } = getProps()
export class PostsController {
async list(_req: Request, _res) {
return new HttpResponseOK({ posts: [{ id: 1, title: 'hello world' }] })

Ad hoc signing

Should you want to sign various artifacts, you can use signJWT like so:

import { getProps } from '@hyperstackjs/initializer-jwt'
const { signJWT } = getProps()

signJWT is already rigged with the secret and algorithm that your app uses, so you can use it freely anywhere


Get StartedBuilding APIsModeling DataBackground JobsTestingDeploymentFAQ