This is a simplified demo to show how an authentication workflow is implemented in Gatsby.
The short version is:
- Gatsby statically renders all unauthenticated routes as usual
- Authenticated routes are allowed as client-only routes
- Logged-out users are redirected to the login page if they attempt to visit private routes
- Logged-in users will see their private content

This demo is less about providing secure, production-ready authentication and more about showing Gatsby's ability to support dynamic content in client-only routes.

For production-ready authentication, take a look at open-source solutions like Passport.js and accounts-js, or third-party identity providers like Auth0, Firebase Authentication, or Okta, which may already have Gatsby themes or plugins. Rolling a custom auth system is hard, and the result is likely to have security holes.
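
The route-gating workflow listed above can be sketched as a small decision function. This is an added example, not code from the demo itself; the `/app/` prefix, the login path, the storage key and the session shape (`username`, `expiresAt`) are assumptions made for illustration.

```javascript
// Added example, not code from the Gatsby demo. Paths, the storage key and
// the session shape are assumptions made for illustration.
const LOGIN_PATH = "/app/login";   // assumed login route
const PRIVATE_PREFIX = "/app/";    // assumed prefix of client-only routes
const SESSION_KEY = "demoSession"; // hypothetical storage key

// Read the session from a Storage-like object. Returns null when there is no
// storage (static build, no window), no entry, malformed JSON, or an expired
// session, so every failure mode is treated as "logged out".
function readSession(storage, nowMs = Date.now()) {
  if (!storage) return null;
  let parsed;
  try {
    parsed = JSON.parse(storage.getItem(SESSION_KEY) || "null");
  } catch (err) {
    return null; // tampered or corrupted value
  }
  if (!parsed || typeof parsed.username !== "string") return null;
  if (typeof parsed.expiresAt !== "number" || parsed.expiresAt <= nowMs) return null;
  return parsed;
}

// Decide what a route should do for the current visitor. This only controls
// what the browser renders; any API that serves the private data still has
// to verify the session itself, because client-side checks can be bypassed.
function decideRoute(pathname, session) {
  const isPrivate = pathname.startsWith(PRIVATE_PREFIX) && pathname !== LOGIN_PATH;
  if (!isPrivate) return { action: "render" };
  if (session) return { action: "render", user: session.username };
  return { action: "redirect", to: LOGIN_PATH };
}

// Constructed in-memory stand-in for window.localStorage.
function fakeStorage(initial = {}) {
  const data = { ...initial };
  return { getItem: (key) => (key in data ? data[key] : null) };
}

// In a Gatsby component this runs in the browser only, for example:
//   const storage = typeof window !== "undefined" ? window.localStorage : null;
//   const result = decideRoute(location.pathname, readSession(storage));
//   if (result.action === "redirect") navigate(result.to); // navigate from "gatsby"
```

Treat the gate as a rendering convenience: the statically built pages and the JavaScript bundle are public, so private content should only ever arrive from an endpoint that checks the session on the server.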