Documentation
Cloudflare Workers
Edge OAuth client using Wrangler secrets for credentials.
Store secrets with wrangler secret put AUTH_CLIENT_SECRET. Radiant Auth itself runs on Workers — the same fetch + cookie patterns apply to your RP.
worker.ts
export interface Env {
AUTH_ISSUER: string; // https://auth.rdnt.live/api/auth
AUTH_CLIENT_ID: string; // YOUR_CLIENT_ID
AUTH_CLIENT_SECRET: string; // YOUR_CLIENT_SECRET
AUTH_REDIRECT_URI: string;
}
export default {
async fetch(request: Request, env: Env): Promise<Response> {
const url = new URL(request.url);
if (url.pathname === "/api/auth/login") {
// Generate PKCE, store verifier in cookie, redirect to authorize
}
if (url.pathname === "/api/auth/callback") {
// Validate state, exchange code, set session cookie
}
if (url.pathname === "/api/auth/logout") {
// Revoke tokens, clear cookies
}
return new Response("OK");
},
} satisfies ExportedHandler<Env>;Tip
Prefer the Store integration pattern: opaque session cookie → D1/KV row holding tokens, not tokens in the cookie body.