# Node.js SDK — Authentication

> Server-side auth with @aerostack/sdk. Verify JWT access tokens, extract user context, and enforce authentication in Cloudflare Workers.

Server-side auth in Workers/Node.js is about verifying tokens and extracting user context.

## Verify an access token

```ts

const { sdk } = new AerostackClient({ projectId, apiKey })

// In your request handler:
const authHeader = request.headers.get('Authorization')
const token = authHeader?.replace('Bearer ', '')

const user = await sdk.auth.verifyToken(token)
// user: { id, email, name, customFields, ... } | null
```

## Middleware pattern (Hono)

```ts

const authMiddleware = createMiddleware(async (c, next) => {
  const token = c.req.header('Authorization')?.replace('Bearer ', '')
  if (!token) return c.json({ error: 'Unauthorized' }, 401)

  const user = await sdk.auth.verifyToken(token)
  if (!user) return c.json({ error: 'Invalid token' }, 401)

  c.set('user', user)
  await next()
})

const app = new Hono()
app.get('/me', authMiddleware, async (c) => {
  return c.json(c.get('user'))
})
```