💬 Note from maintainers
This application is purely for demonstration and educational purposes. Its setup and configuration resemble typical real-world applications, but it's not a full-fledged production system. Use this app to learn, experiment and tinker with Stytch.
Happy Coding!
This example app is focused on demonstrating the power and flexibility of Stytch in B2B Authentication scenarios from a backend-focused approach, leveraging Stytch Frontend SDKs and direct calls to the Stytch Backend API to build custom functionality for frontend and backend.
👀 Looking for an example of Stytch B2B Pre-Built UI components? 👀
- Multi-tenancy in Stytch's data model
- Role-Based Access Control (RBAC)
- Stytch Organization and member settings management via your own UI
- Supports multiple authentication methods (Email Magic Link (EML) and OAuth implemented)
The auth-specific logic is well documented, including links to the underlying API calls being used, and the example code kept simple and separate for easy review and subsequent deletion.
This project has two components: a client built as an single-page app (SPA) React app dashboard embedded in an Astro site (source in client) and a server built as a Node Express API (source in server). Both live in this repo, and you can run them both at the same time by opening two terminals.
For an app dashboard, a React SPA is a straightforward way to deliver the client experience. It makes calls to the server API by sending a session cookie, which allows the API to ensure that the current user is authorized to see the data they've requested.
For non-dashboard pages, such as the homepage, the best user experience is to deliver zero JavaScript. For that reason, the marketing side of the client is delivered by Astro, which will ship static files and zero JavaScript by default.
To handle business logic that requires secret credentials, Node + Express is one of the most common approaches for JavaScript developers. It’s got a great ecosystem and it's deployable anywhere.
For local development, you'll need:
- A Stytch account: https://stytch.com/
- Node >= 20.6.0 (Node 22 is not supported at this time)
# clone the repo
gh repo clone stytchauth/stytch-b2b-saas-example
# move into the cloned project
cd stytch-b2b-saas-example/
# install dependencies
cd client/
npm i
cd ../server/
npm iBefore you can run the app, you'll need a Stytch B2B project.
Note: In development, this app assumes the test Stytch environment, which can be set in the top navigation in the Stytch Dashboard.
If you don't have one already, in the Stytch Dashboard, click on your existing project name in the top left corner of the Dashboard, click Create a new project, and then select B2B Authentication or select the project you want to use for this app.
Configure the following Redirect URLs for your project in the Stytch Dashboard Redirect URLs page:
-
http://localhost:3000/auth/redirectSet as DEFAULT for Login, Signup, Invite, Reset Password and Discovery types. -
http://localhost:3000/authenticatewith Login, Signup, Invite, Reset Password and Discovery types. -
http://localhost:4321/dashboard/loginwith Login type.
In the Stytch Dashboard SDK Configuration the make the following updates:
-
Member actions & permissions must be enabled. To learn more about our RBAC implementation, see our RBAC guide.
-
Under Authorized applications add
http://localhost:4321as an authorized domain in addition tohttp://localhost:3000.
Stytch's Role-Based Access Control (RBAC) solution is an authorization model that manages access to resources within your application. Our RBAC model streamlines the management and enforcement of permissions with a flexible interface that's designed for a multi-tenant auth system.
We will be leverage the stytch_admin and stytch_member created by default for each project Stytch Resources & Roles Stytch B2B SaaS Authentication and creating a resource idea, with CRUD actions.
In your Stytch dashboard under Roles & Permissions > Resources, create a resource called idea. Give the idea resource the following actions:
createdeletereadupdate
Navigate to Roles & Permissions and
- Update the
stytch_adminrole to allow all actions for theideawith*
- Update the
stytch_memberrole withcreateandreadactions
This allows stytch_member's to create and read ideas and stytch_admin with all CRUD functionality that we can leverage for our application logic, enforced by Stytch.
Read more about the capabilities of the default roles stytch_admin and stytch_member in our docs.
Your API keys will be in your dashboard at this URL:
https://stytch.com/dashboard/api-keys?env=test
Add the project ID, secret, and public token to server/.env:
APP_URL="http://localhost:4321"
STYTCH_PROJECT_ID=""
STYTCH_PUBLIC_TOKEN=""
STYTCH_SECRET=""Next, add the same public token to client/.env:
PUBLIC_API_URL="http://localhost:3000"
PUBLIC_STYTCH_TOKEN=""To allow sign in with Google and/or Microsoft OAuth, follow the steps in your Stytch Dashboard to configure the OAuth apps Refer to Log in with OAuth in the Stytch B2B SaaS Authentication guides more information.
In one terminal, start the server:
# make sure you're in the server directory
cd server/
# start the app
npm run devThis will start the server at localhost:3000.
In a second terminal, start the client:
# make sure you're in the client directory
cd client/
# start the dev server
npm run devThis will start the client at localhost:4321.
From here, you should be able to open the site in your browser, and clicking on the "Dashboard" or "Start now" links will take you to the login page, which will let you register for your app and create an organization.
NOTE: In test mode, you can only use emails matching the domain you signed up with. Trying to use other emails will result in Stytch errors.