HBForge/Examples
HBForge/Examples/Integrations/Better Auth on Cloudflare
21 · Integrations

forge/auth on Cloudflare Workers

Same forge/auth module, exported as a CF Workers entrypoint. JWT.sign and Password.hash work identically because they're built on Web Crypto.

forge/serverforge/authCF Workers
Code
better-auth-on-cloudflare.js
import { WebApp }        from class="tk-str">'@hyperbridge/forge/server';
import { Password, JWT } from class="tk-str">'@hyperbridge/forge/auth';

const app = new WebApp();

app.post(class="tk-str">'/login', async (c) => {
  const { email, password } = await c.req.json();
  const stored = await c.env.USERS.get(email, { type: class="tk-str">'json' });

  if (!stored || !(await Password.verify(password, stored.hash))) {
    return c.json({ error: class="tk-str">'invalid' }, 401);
  }
  return c.json({
    token: JWT.sign({ email }, c.env.JWT_SECRET),
  });
});

export default app;
How it works

Cloudflare KV stores the user record; JWT.sign uses HS256 backed by Web Crypto's HMAC-SHA-256.

Password.verify works on Workers because argon2 has a Wasm fallback inside forge/auth.

For OAuth flows on the edge, use OAuth2PKCE from forge/auth — full PKCE state machine, no provider-specific code.

Try it
Quickstart
wrangler dev → POST /login
Related modules
forge/server
WebApp
forge/auth
Password, JWT (Web Crypto)
This is HBForge's port of Hono's example. Read the original at hono.dev/examples/better-auth-on-cloudflare.