Build with Riff

Native Authentication

Protect what matters with native email/password auth and one-click route protection. You focus on features; the platform handles sign-up, login, sessions, and resets.

What you get

  • Ready-to-use auth: sign-up, login, logout — no custom build required.

  • Protected routes: toggle-on shields to require login for pages or backend functions.

  • Password reset & session management out of the box.

Typical tasks

  • Gate a page/endpoint: flip the protection toggle (shield) to “require login.”

  • Make something public: turn protection off (useful for marketing or health endpoints).

  • Test the flow: visit a protected page — you’ll be prompted to sign up/sign in automatically.

How it fits together

  • Auth UI (sign-up/login/reset) is provided.

  • Sessions persist across app usage; protected routes check session state.

  • Access control is per page/feature; you decide what’s public vs. members-only.

Good patterns

  • Default to protected for anything that reads/writes user data.

  • Keep secrets and tokens on the server; call external APIs from the backend, not the browser.

  • Pair auth with DB roles in your code (only fetch the current user’s records).

FAQ

Do I have to build my own login UI?

No - native forms are included.

Can I switch a page back to public later?

Yes - toggles let you enable/disable auth per page or feature.

Where do I see my users?

In Users & Data, alongside your tables.

PreviousCustom IntegrationsNextNative Database

Last updated

Was this helpful?