What is at /__replauthuser

element1010 · March 8, 2024, 8:42pm

Question:
I want to implement Replit Auth onto a site that’s not on Replit. It seems that the auth script (https://replit.com/public/js/repl-auth-v2.js) fetches from /__replauthuser. As my site is not on Replit, it does not have an automatic /__replauthuser page. What do I do?

NateDhaliwal · March 9, 2024, 7:36am

I don’t think it’s possible. Replit Auth is not possible on other sites, except Replit (I tried it before). It’s a huge setback, because you might have to redo your entire login system.
Similarly, ReplitDB can only work on Replit, not anywhere else.

haroon · March 9, 2024, 9:46am

/__replauthuser returns a JSON version of the user currently logged in via ReplAuth (obviously)

If you want to implement ReplAuth, you’ll have to set up two routes on your website, /__replauth and /__replauthuser, as well as using JWT signing.

I have a small NPM package to implement this but it’s very janky - replace-replit - npm, you can view source code here and get an idea of how you could implement it yourself if you don’t wanna risk it breaking

element1010 · March 11, 2024, 1:25pm

I found it. How do you use it?

haroon · March 14, 2024, 1:19pm

I have a small example in the README for using the library just like that (sorry for not responding quicker - some things popped up IRL that I don’t wish to talk about)

In src/index.ts there’s an implementation that uses Express.js Routers if you want to do it yourself

element1010 · March 15, 2024, 3:17pm

Ok, I did the exact same thing with a few changes, but it’s not prompting me to login. What’s wrong?

const replit = require("replace-replit");
const express = require("express");
const bodyParser = require("body-parser");

const app = express();

app.use(replit.auth.express());
app.set("view engine", "ejs");

app.get("/", (req, res) => {
  const username = req.get("X-Replit-User-Name");
  
  if (username) {
    res.send(`Hello, ${username}`);
  } else {
    res.send("hello!")
  }
});

app.listen(3000, () => {
  console.log("Chat running on port 3000");
});

Is it supposed to prompt me to log in?

boston2029 · March 15, 2024, 9:20pm

I know @GrimSteel has done it before for us. I think you have to get the pubkey then JWT stuff or smthn idk

python660 · March 16, 2024, 1:53pm

Did you enable it in the repl?
Check devtools > Network, is the username being sent? Probably not because you haven’t authed yet. You need to turn on repl auth (prebuilt login page)

element1010 · March 17, 2024, 1:54am

@python660 I can’t enable it in the Repl because:

python660 · March 17, 2024, 3:35pm

oh, then __replauthuser wouldn’t be defined unless you create such functionality

boston2029 · March 17, 2024, 5:27pm

You can use Firebase and your own server then use your server as the “Repl URL”. Idk where you go from there but like I said GrimSteel does

GrimSteel · March 18, 2024, 2:26am

From what I can tell, Haroon’s package pretty much does what I did. Just verify the JWT token on __replauth with the pubkey and extract out the user info from the payload.

My implementation was of course different in that it created a Firebase auth token instead of replicating the official Repl Auth API.

The only annoying part was testing it under Replit because there’s no way to manually handle __replauth even with Repl Auth disabled.

haroon · March 18, 2024, 1:53pm

It doesn’t prompt you to log in automatically - you have to either create a login button of your own.

I did have an implementation of this but I forgot to push to GitHub (silly me) and by proxy it didn’t publish to NPM.