What is at /__replauthuser

I want to implement Replit Auth onto a site that’s not on Replit. It seems that the auth script (https://replit.com/public/js/repl-auth-v2.js) fetches from /__replauthuser. As my site is not on Replit, it does not have an automatic /__replauthuser page. What do I do?

I don’t think it’s possible. Replit Auth is not possible on other sites, except Replit (I tried it before). It’s a huge setback, because you might have to redo your entire login system.
Similarly, ReplitDB can only work on Replit, not anywhere else.


/__replauthuser returns a JSON version of the user currently logged in via ReplAuth (obviously)

If you want to implement ReplAuth, you’ll have to set up two routes on your website, /__replauth and /__replauthuser, as well as using JWT signing.

I have a small NPM package to implement this but it’s very janky - replace-replit - npm, you can view source code here and get an idea of how you could implement it yourself if you don’t wanna risk it breaking


I found it. How do you use it?

I have a small example in the README for using the library just like that (sorry for not responding quicker - some things popped up IRL that I don’t wish to talk about)

In src/index.ts there’s an implementation that uses Express.js Routers if you want to do it yourself

Ok, I did the exact same thing with a few changes, but it’s not prompting me to login. What’s wrong?

const replit = require("replace-replit");
const express = require("express");
const bodyParser = require("body-parser");

const app = express();

app.set("view engine", "ejs");

app.get("/", (req, res) => {
  const username = req.get("X-Replit-User-Name");
  if (username) {
    res.send(`Hello, ${username}`);
  } else {

app.listen(3000, () => {
  console.log("Chat running on port 3000");

Is it supposed to prompt me to log in?

I know @GrimSteel has done it before for us. I think you have to get the pubkey then JWT stuff or smthn idk

1 Like
  1. Did you enable it in the repl?
  2. Check devtools > Network, is the username being sent? Probably not because you haven’t authed yet. You need to turn on repl auth (prebuilt login page)

@python660 I can’t enable it in the Repl because:

oh, then __replauthuser wouldn’t be defined unless you create such functionality

You can use Firebase and your own server then use your server as the “Repl URL”. Idk where you go from there but like I said GrimSteel does

1 Like

From what I can tell, Haroon’s package pretty much does what I did. Just verify the JWT token on __replauth with the pubkey and extract out the user info from the payload.

My implementation was of course different in that it created a Firebase auth token instead of replicating the official Repl Auth API.

The only annoying part was testing it under Replit because there’s no way to manually handle __replauth even with Repl Auth disabled.


It doesn’t prompt you to log in automatically - you have to either create a login button of your own.

I did have an implementation of this but I forgot to push to GitHub (silly me) and by proxy it didn’t publish to NPM.