Authentication

Auth should arrive as a finished boundary, not a forever-project.

Sessions, sign-up, organizations, invitations, and active-workspace state are rarely just one table and a login form. The auth fragment packages those concerns into a typed surface so the app can focus on product logic instead of rebuilding identity plumbing.

Install

npm install @fragno-dev/auth @fragno-dev/db

npm install @fragno-dev/auth @fragno-dev/db

Mount route

/api/auth

Includes

Users + orgs + roles

Backed by

Your database

Capabilities

The everyday auth primitives are already shaped.

Users + sessions

Email/password sign-up, sign-in, and sign-out flows with session cookies.

Organizations + roles

Create organizations, manage members, and assign roles with invitations.

Database-backed

Auth data is stored in your database with typed schemas.

Interface

Auth routes are compact, but the product surface is broad.

Route surface

GET    /me
POST   /sign-up
POST   /sign-in
POST   /sign-out
POST   /change-password
GET    /users
PATCH  /users/:userId/role
POST   /organizations
GET    /organizations
PATCH  /organizations/:organizationId
GET    /organizations/:organizationId/members
POST   /organizations/:organizationId/invitations
PATCH  /organizations/invitations/:invitationId
GET    /organizations/active
POST   /organizations/active

GET    /mePOST   /sign-upPOST   /sign-inPOST   /sign-outPOST   /change-passwordGET    /usersPATCH  /users/:userId/rolePOST   /organizationsGET    /organizationsPATCH  /organizations/:organizationIdGET    /organizations/:organizationId/membersPOST   /organizations/:organizationId/invitationsPATCH  /organizations/invitations/:invitationIdGET    /organizations/activePOST   /organizations/active

Why it matters

Good auth is never only about identity. It is about product access, membership, workspace context, and role semantics. This fragment treats that seam as one thing to mount and one thing to consume from typed clients.

Blueprint

Wire the server, mount the handlers, then consume typed auth hooks.

Create the fragment

import { createAuthFragment } from "@fragno-dev/auth";

export const authFragment = createAuthFragment(
  {
    cookieOptions: {
      secure: true,
      sameSite: "lax",
    },
  },
  {
    databaseAdapter,
    mountRoute: "/api/auth",
  },
);

import { createAuthFragment } from "@fragno-dev/auth";export const authFragment = createAuthFragment(  {    cookieOptions: {      secure: true,      sameSite: "lax",    },  },  {    databaseAdapter,    mountRoute: "/api/auth",  },);

Mount handlers

import { authFragment } from "@/lib/auth";

export const handlers = authFragment.handlersFor("react-router");

export const action = handlers.action;
export const loader = handlers.loader;

import { authFragment } from "@/lib/auth";export const handlers = authFragment.handlersFor("react-router");export const action = handlers.action;export const loader = handlers.loader;

Create client

import { createAuthFragmentClient } from "@fragno-dev/auth/react";

export const authClient = createAuthFragmentClient();

import { createAuthFragmentClient } from "@fragno-dev/auth/react";export const authClient = createAuthFragmentClient();

Use it

The client API matches the actual auth model.

Hooks

const { mutate: signIn } = authClient.useSignIn();
const { mutate: signOut } = authClient.useSignOut();
const { data: me } = authClient.useMe();
const { data: users } = authClient.useUsers();
const { data: orgs } = authClient.useOrganizations();
const { data: members } = authClient.useOrganizationMembers({
  path: { organizationId },
});
const { data: invitations } = authClient.useOrganizationInvitations({
  path: { organizationId },
});

const { mutate: signIn } = authClient.useSignIn();const { mutate: signOut } = authClient.useSignOut();const { data: me } = authClient.useMe();const { data: users } = authClient.useUsers();const { data: orgs } = authClient.useOrganizations();const { data: members } = authClient.useOrganizationMembers({  path: { organizationId },});const { data: invitations } = authClient.useOrganizationInvitations({  path: { organizationId },});

Product sign-up

Launch email/password authentication with built-in routes and cookies.

Team onboarding

Invite members to organizations and manage roles as teams grow.

Multi-tenant workspaces

Keep sessions and active organization context in sync for workspaces.