AuthGuard
Wrapper that renders children only when authenticated — showing a login fallback, or transparently issuing a guest session for opted-in built apps.
import { AuthGuard } from 'flowstack-sdk'AuthGuard gates its children behind authentication. When the user is not signed in it renders the fallback — typically a login screen containing BrokeredLoginButton, which it can show automatically.
Guest chat (built apps). When the app has an appScope and the site enabled guest chat server-side (app_config.allowGuestChat), an unauthenticated visitor is transparently issued a short-lived guest session (POST /auth/guest) instead of seeing the login gate — removing the "sign up first" friction. Control is the per-site backend flag: if the site hasn't opted in, /auth/guest returns 403 and AuthGuard falls back to the normal login UI. It's a no-op unless the app is built with an appScope (the Casino dashboard has none, so it always requires real login). Opt out per-guard with allowGuest={false}.
Never use `redirectTo`. Use fallback={<BrokeredLoginButton />} instead — redirectTo="/" kicks users out before they can sign in.
Signature
<AuthGuard fallback={<LoginScreen />}>{children}</AuthGuard>Parameters
| Param | Type | Notes | Description |
|---|---|---|---|
fallback | React.ReactNode | — | Rendered when the user is not authenticated — use a login screen with BrokeredLoginButton. |
requireWorkspace | boolean | — | Require an active workspace, not just authentication. |
allowGuest | boolean | default true | Opt-in guest chat for built apps. When the app has an appScope and the site enabled allowGuestChat, mints a guest session via POST /auth/guest instead of showing the login gate; falls back to login on 403. No-op without an appScope. Set false to always require login. |
children | React.ReactNode | required | Protected content rendered only when authenticated. |
Examples
import { AuthGuard } from 'flowstack-sdk';
export default function App() {
return (
<AuthGuard fallback={<LoginScreen />}>
<Console />
</AuthGuard>
);
}
// LoginScreen shows BrokeredLoginButton
function LoginScreen() {
return (
<div style={{ display: 'flex', justifyContent: 'center', padding: '4rem' }}>
<BrokeredLoginButton />
</div>
);
}fallback={<BrokeredLoginButton />} instead — redirectTo="/" kicks users out before they can sign in.allowGuest, default true) is gated entirely by the site's server-side allowGuestChat flag and only applies to apps built with an appScope. It calls POST /auth/guest; a 403 means the site hasn't opted in and the login UI is shown instead.See also
BrokeredLoginButton · useFlowstack · useAuthGuard · useAuth
Source: README.md#authguard--never-use-redirectto · Also available in llms-full.txt and registry.json.