Documentation Index
Fetch the complete documentation index at: https://mintlify.com/eggarcia98/auth-backend/llms.txt
Use this file to discover all available pages before exploring further.
Prerequisites:
- A Cloudflare account
- Node.js 18+ and pnpm installed
- Dependencies installed (
pnpm install)
Overview
auth-backend includes awrangler.toml configuration for deployment to Cloudflare Workers. Workers run on Cloudflare’s edge network and do not use a persistent Node.js process — environment variables are supplied as secrets rather than a .env file.
wrangler.toml configuration
The project includes awrangler.toml that configures the Workers deployment:
wrangler.toml
nodejs_compat flag
The compatibility_flags = ["nodejs_compat"] setting enables the Node.js compatibility layer in the Cloudflare Workers runtime. This polyfills core Node.js APIs (such as crypto, buffer, and stream) that packages like Fastify and Supabase depend on. Without this flag, many npm packages that target Node.js will throw errors at runtime.
Deploy to Cloudflare Workers
Install Wrangler
Wrangler is already listed as a dev dependency in Verify the installation:Then authenticate with your Cloudflare account:This opens a browser window to authorize the CLI.
package.json. Install it with:Configure secrets
Cloudflare Workers do not use Each command prompts you to paste the secret value. The value is never stored in plaintext.If you use Apple Sign-In, add these optional secrets as well:
.env files. Each environment variable must be added as a secret using wrangler secret put. Secrets are encrypted at rest and injected into the Worker at runtime.Add all required secrets:Google OAuth credentials are not required as backend environment variables — they are configured directly in your Supabase project under Authentication → Providers → Google.
Required secrets reference
The following table lists every variable from.env.example and how to supply it in a Workers deployment:
| Variable | Required | Description |
|---|---|---|
SUPABASE_URL | Yes | Your Supabase project URL |
SUPABASE_ANON_KEY | Yes | Supabase anonymous (public) key |
SUPABASE_SERVICE_ROLE_KEY | Yes | Supabase service role key (admin access) |
JWT_SECRET | Yes | Secret used to sign JWTs (minimum 32 characters) |
FRONTEND_URL | Yes | Allowed CORS origin for the frontend |
APPLE_CLIENT_ID | No | Apple Sign-In service ID |
APPLE_TEAM_ID | No | Apple developer team ID |
APPLE_KEY_ID | No | Apple Sign-In key ID |
APPLE_PRIVATE_KEY | No | Apple Sign-In private key (PEM format) |
ENVIRONMENT is set as a plain [vars] entry in wrangler.toml and does not need to be a secret.
Google OAuth credentials are not required as backend environment variables. They are configured in your Supabase dashboard under Authentication → Providers → Google.
Differences from traditional Node.js deployment
Cloudflare Workers run in a V8 isolate, not a standard Node.js process. There are several important differences to be aware of:| Aspect | Node.js / Docker | Cloudflare Workers |
|---|---|---|
| Runtime | Node.js process (persistent) | V8 isolate (stateless, per-request) |
| Environment variables | .env file or --env-file flag | wrangler secret put / [vars] in wrangler.toml |
| Entry point | dist/server.js (compiled output) | src/index.ts (bundled by Wrangler) |
| Port binding | Fastify binds to 0.0.0.0:8080 | No port binding — Workers respond to HTTP fetch events |
| File system | Full read/write access | No file system access |
| Startup time | Seconds (cold start) | Milliseconds (edge-optimized) |
| Node.js built-ins | Native | Polyfilled via nodejs_compat flag |
Managing secrets across environments
Wrangler supports named environments (e.g.,staging, production) defined in wrangler.toml. To add a secret to a specific environment, use the --env flag: