Documentation

Cloudflare Workers

Edge OAuth client using Wrangler secrets for credentials.

Store secrets with wrangler secret put AUTH_CLIENT_SECRET. Radiant Auth itself runs on Workers — the same fetch + cookie patterns apply to your RP.

worker.ts
export interface Env {
  AUTH_ISSUER: string; // https://auth.rdnt.live/api/auth
  AUTH_CLIENT_ID: string; // YOUR_CLIENT_ID
  AUTH_CLIENT_SECRET: string; // YOUR_CLIENT_SECRET
  AUTH_REDIRECT_URI: string;
}

export default {
  async fetch(request: Request, env: Env): Promise<Response> {
    const url = new URL(request.url);

    if (url.pathname === "/api/auth/login") {
      // Generate PKCE, store verifier in cookie, redirect to authorize
    }

    if (url.pathname === "/api/auth/callback") {
      // Validate state, exchange code, set session cookie
    }

    if (url.pathname === "/api/auth/logout") {
      // Revoke tokens, clear cookies
    }

    return new Response("OK");
  },
} satisfies ExportedHandler<Env>;
Tip
Prefer the Store integration pattern: opaque session cookie → D1/KV row holding tokens, not tokens in the cookie body.