# MastraJwtAuth Class

The `MastraJwtAuth` class provides a lightweight authentication mechanism for Mastra using JSON Web Tokens (JWTs). It verifies incoming requests based on a shared secret and integrates with the Mastra server using the `auth` option.

## Installation

Before you can use the `MastraJwtAuth` class you have to install the `@mastra/auth` package.

**npm**:

```bash
npm install @mastra/auth@latest
```

**pnpm**:

```bash
pnpm add @mastra/auth@latest
```

**Yarn**:

```bash
yarn add @mastra/auth@latest
```

**Bun**:

```bash
bun add @mastra/auth@latest
```

## Usage example

```typescript
import { Mastra } from "@mastra/core";
import { MastraJwtAuth } from "@mastra/auth";

export const mastra = new Mastra({
  server: {
    auth: new MastraJwtAuth({
      secret: process.env.MASTRA_JWT_SECRET,
    }),
  },
});
```

> **Info:** Visit [MastraJwtAuth](https://mastra.ai/reference/auth/jwt) for all available configuration options.

## Configuring `MastraClient`

When `auth` is enabled, all requests made with `MastraClient` must include a valid JWT in the `Authorization` header:

```typescript
import { MastraClient } from "@mastra/client-js";

export const mastraClient = new MastraClient({
  baseUrl: "https://<mastra-api-url>",
  headers: {
    Authorization: `Bearer ${process.env.MASTRA_JWT_TOKEN}`,
  },
});
```

> **Info:** Visit [Mastra Client SDK](https://mastra.ai/docs/server/mastra-client) for more configuration options.

### Making authenticated requests

Once `MastraClient` is configured, you can send authenticated requests from your frontend application, or use `curl` for quick local testing:

**React**:

```tsx
import { mastraClient } from "../../lib/mastra-client";

export const TestAgent = () => {
  async function handleClick() {
    const agent = mastraClient.getAgent("weatherAgent");

    const response = await agent.generate("Weather in London");

    console.log(response);
  }

  return <button onClick={handleClick}>Test Agent</button>;
};
```

**cURL**:

```bash
curl -X POST http://localhost:4111/api/agents/weatherAgent/generate \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-jwt>" \
  -d '{
    "messages": "Weather in London"
  }'
```

## Creating a JWT

To authenticate requests to your Mastra server, you'll need a valid JSON Web Token (JWT) signed with your `MASTRA_JWT_SECRET`.

The easiest way to generate one is using [jwt.io](https://www.jwt.io/):

1. Select **JWT Encoder**.
2. Scroll down to the **Sign JWT: Secret** section.
3. Enter your secret (for example: `supersecretdevkeythatishs256safe!`).
4. Click **Generate example** to create a valid JWT.
5. Copy the generated token and set it as `MASTRA_JWT_TOKEN` in your `.env` file.