Buildspace
Authentication

Server SDK

Server-side authentication methods.

import Buildspace from "@buildspacestudio/sdk";

const bs = new Buildspace(process.env.BUILDSPACE_SECRET_KEY!);

Methods

handleCallback(request, options)

Exchanges an authorization code for a session token. Call this in your OAuth callback route.

const result = await bs.auth.handleCallback(request, { redirectUri });
// result: { access_token, expires_in, token_type, user }

getSession(token)

Validates a session token and returns the authenticated user. Sessions are managed by Better Auth on the server.

const session = await bs.auth.getSession(token);
// session: { appId, user: { id, email, name } }

signOut(token?)

Signs the user out. Pass a session token explicitly, or omit it if you've already attached one with bs.setSession(token).

await bs.auth.signOut(token);

bs.setSession(token);
await bs.auth.signOut();

signOut() clears the SDK's stored session state and treats already-expired or already-revoked sessions as safe no-ops, similar to Better Auth's sign-out flow.

revokeSession(token)

Invalidates a session token directly. This is the low-level primitive behind signOut().

await bs.auth.revokeSession(token);

Authentication infrastructure

The server SDK communicates with the Buildspace runtime API, which uses Better Auth for session storage, token management, and password hashing. All auth operations are handled server-side — no auth secrets are exposed to the client.

For details on the auth flow architecture, see the Overview.

Overview

Authentication concepts for Buildspace SDK integrations.

Client SDK

Browser-side auth URL generation methods.

On this page

MethodshandleCallback(request, options)getSession(token)signOut(token?)revokeSession(token)Authentication infrastructure