Skip to content

Quickstart

Get your Authrim instance up and running in minutes.

Before you begin, ensure you have:

Terminal window
git clone https://github.com/sgrastar/authrim.git
cd authrim
Terminal window
pnpm install
Terminal window
wrangler login

Use the @authrim/setup CLI tool to automatically configure your environment:

Terminal window
npx @authrim/setup --cli

Or launch the interactive Web UI:

Terminal window
npx @authrim/setup

The setup wizard will:

  • Generate cryptographic keys (RSA for JWT signing)
  • Create .dev.vars with environment variables
  • Generate wrangler.toml for local development
  • Set up KV namespaces for caches, configuration, and tenant runtime snapshots
  • Create the deployment D1 databases (DB, DB_PII, DB_ADMIN)
  • Seed runtime profiles and apply core, PII, and admin migrations
  • Deploy Durable Objects from @authrim/ar-lib-core
OptionDescription
--cliUse CLI mode (no Web UI)
--env <env>Specify environment (dev, staging, prod, etc.)
--lang jaUse Japanese language
Terminal window
pnpm run dev

This starts all workers in development mode. Access endpoints at http://localhost:8787.

Test the discovery endpoint:

Terminal window
curl http://localhost:8787/.well-known/openid-configuration | jq

You should see the OpenID Connect discovery document with endpoints like:

{
"issuer": "http://localhost:8787",
"authorization_endpoint": "http://localhost:8787/authorize",
"token_endpoint": "http://localhost:8787/token",
"userinfo_endpoint": "http://localhost:8787/userinfo",
"jwks_uri": "http://localhost:8787/.well-known/jwks.json"
}

Test the JWKS endpoint:

Terminal window
curl http://localhost:8787/.well-known/jwks.json | jq

Navigate to this URL in your browser to test the authorization flow:

http://localhost:8787/authorize?response_type=code&client_id=test-client&redirect_uri=http://localhost:3000/callback&scope=openid&state=random-state
git clone + pnpm install
wrangler login
npx @authrim/setup --cli ← Configures everything automatically
pnpm run dev

For detailed customization or troubleshooting, you can use individual scripts. These are source-repository workflows; the setup CLI remains the recommended path.

Terminal window
# Generate keys
./scripts/setup-keys.sh
# Configure local environment
./scripts/setup-local-vars.sh
./scripts/setup-local-wrangler.sh
# Set up cloud resources
./scripts/setup-kv.sh --env=dev
./scripts/setup-d1.sh --env=dev
./scripts/setup-durable-objects.sh
# Optional: Configure email (for OTP authentication)
./scripts/setup-resend.sh --env=local

For tenant-D1 deployments, manage generated tenant database slots through the setup CLI:

Terminal window
npx @authrim/setup tenant-db-pool-status --env prod
npx @authrim/setup tenant-db-pool-expand --env prod --add-slots 10
npx @authrim/setup tenant-db-migrate-all --env prod