--- sidebar_label: "Module Options" --- import { Table } from "docs-ui" export const metadata = { title: `Auth Module Options`, } # {metadata.title} In this document, you'll learn about the options of the Auth Module. ## providers ```js title="medusa-config.js" const modules = { // ... auth: { resolve: "@medusajs/auth", options: { providers: [ { name: "emailpass", scopes: { store: {}, admin: {}, }, }, { name: "google", scopes: { admin: { clientID: process.env.GOOGLE_CLIENT_ID, clientSecret: process.env.GOOGLE_CLIENT_SECRET, callbackURL: process.env.GOOGLE_CALLBACK_URL, successRedirectUrl: process.env.GOOGLE_SUCCESS_REDIRECT_URL, }, }, }, ], }, }, } ``` The `providers` option is an array of objects indicating the auth providers to register, their scopes, and configurations. Each object accepts the following properties: - `name`: The provider's name, which is set in the auth provider class's `PROVIDER` field. For example, `emailpass` or `google`. - `scopes`: An object of scopes. The keys are a scope's name, which in the Medusa application would be either `admin` or `store`. The value is an object of configurations for that scope. Each provider accepts different scope configurations as detailed below. ### emailpass Scope Configurations Configuration Description Required Default `hashConfig` An object of configurations to use when hashing the user's password. Refer to [scrypt-kdf](https://www.npmjs.com/package/scrypt-kdf#-hash)'s documentation for accepted options. No ```ts noCopy noReport noLineNumbers const hashConfig = { logN: 15, r: 8, p: 1 } ```

### google Scope Configurations Follow [this Google documentation](https://developers.google.com/identity/protocols/oauth2/web-server#prerequisites) to enable Google's APIs and retrieve the necessary credentials. Configuration Description Required Default `clientID` A string indicating the [Google API Client ID](https://developers.google.com/identity/oauth2/web/guides/get-google-api-clientid). Yes \- `clientSecret` A string indicating the [Google Client Secret](https://support.google.com/cloud/answer/6158849?hl=en#zippy=%2Cstep-create-a-new-client-secret). Yes \- `callbackURL` A string indicating the URL to redirect to in your app after the user completes their authentication in Google. The Medusa application provides the API route `/auth/[scope]/google/callback` that you can use, where `[scope]` is the scope this config belongs to. For example, `/auth/store/google/callback`. Yes \- `successRedirectUrl` A string indicating the URL to redirect to in your app after the authentication has been successful. If not provided, the Medusa application's callback route just returns a JSON with the JWT token of the auth identity. No \-

### Environment Variables Make sure to add the necessary environment variables for the above options in `.env`: ```bash GOOGLE_CLIENT_ID= GOOGLE_CLIENT_SECRET= GOOGLE_CALLBACK_URL= GOOGLE_SUCCESS_REDIRECT_URL= ``` --- ## Auth CORS The Medusa application's authentication API routes are defined under the `/auth` prefix that requires setting the `authCors` property of the `http` configuration. So, before using these routes, make sure to set that configuration. Refer to [Medusa's configuration guide](/references/medusa-config#authCors) for more details.