Get secure, extensible auth instantly with new email/password and Google OAuth in Gadget
TL;DR: Get auth working in seconds with a ready-made Google SSO and email/password login form on all new Gadget apps.
Auth is one of the bare-bones features of any modern app, and yet every developer who has ever had to write auth from scratch knows what a headache it can be. You’re dealing with sensitive user information, which makes auth a delicate part of any build, with very little room for error. It takes a lot of legwork to make sure your app is secure, and auth code you have to maintain yourself can be a hotbed for bugs and vulnerabilities. Simple, secure auth is crucial to the success of any web app.
With Gadget, every new app comes with a built-in auth system out of the box. You get a working login form with both email/password and Google SSO on the frontend, and extensible server-side actions to ensure only the right people have access to the sensitive parts of your application. And the best part is that it works instantly, allowing you to skip straight to development instead of wasting time on unnecessary setup and configuration.
Extensible auth with email and password
Starting today, every new Gadget AI and web app will have the option for email/password auth, giving you more independence from third-party providers and more control over user data and privacy.
Gadget's email/password auth comes with customizable actions that allow your users to sign up, sign in, and manage (or reset!) their password. You also get built-in email templates for email verification and password reset as soon as your app is created. Both these templates are fully customizable, so you can easily change the design, subject, and content within the action files. By default, Gadget handles all of the email sending for you, with the option to connect to your preferred email provider, such as MailChimp or SendGrid, as needed.
Auth in Gadget automatically follows industry best practices, and basic security is taken care of.
Instant auth with Google SSO
Just as with email/password, your Gadget app comes with Google Auth out of the box, so your users have the option to instantly sign up and sign in. In development, you have access to Gadget-managed Google credentials that help you avoid the Google Cloud console until you are ready to deploy to production. Once you’re ready to go to production, you can simply replace Gadget’s credentials with your own and deploy.
By default, your app will have access to the `email` and `profile` scopes, but you can configure your app to store additional scopes. For more information on how to configure scopes, you can read our docs.
Secure and ready for rollout
Previously, if you wanted to set up auth for an app, using a tool like Supabase for example, you would have built-in support for a variety of auth providers. However, you would still be required to manage the configuration of the actual sign in page, and all the security that goes into it. Because modern apps have a standard way of formatting most sign in pages, Gadget lets you skip all of that.
With Gadget, all of your apps come with a pre-built login form that you can customize and configure as needed. Your app also uses Gadget’s React hooks and components to secure your frontend routes against unauthorized access. These components allow you to easily manage the layout within your application based on the current user’s authentication state, with options like `<SignedIn />` and `<SignedOut />` allowing for conditional component rendering. They control what is rendered in the browser, while access to your actions is governed by the roles configured under Access Control.
By default, your Gadget app is equipped with the `signed-in` and `unauthenticated` roles to manage access to your pages and actions. Assigned roles are stored on the user model, and role access can be configured on the Access Control page in your Gadget app (Settings → Access Control). You also have the ability to create and assign custom roles to users, if needed.
If you have any questions or feedback about auth, or want to request support for additional auth providers, we’d love to hear from you in our Discord.