Skip to content
KeystoneJS LogoKeystoneJS (α)


Authentication strategies allow users to identify themselves to Keystone. This can be used to restrict access to the AdminUI, and to configure access controls.


const { PasswordAuthStrategy } = require('@keystone-alpha/auth-password');

const authStrategy = keystone.createAuthStrategy({
  type: PasswordAuthStrategy,
  list: 'User',

You then provide authStrategy to apps that facilitate login (typically the Admin UI):

module.exports = {
  apps: [new AdminUIApp({ authStrategy })],


typeAuthStrategy(required)A valid authentication strategy.
listString(required)The list that contains and authenticated item, for example a user.

Note: Different authentication strategies may have additional config options. See the documentation for individual authentication strategies for more details.


A valid authentication strategy.


Authentication strategies need to authenticate an item in a Keystone list (typically a User). The authenticated item will be provided to access control functions.

Have you found a mistake, something that is missing, or could be improved on this page? Please edit the Markdown file on GitHub and submit a PR with your changes.

Edit Page