

Authentication strategies allow users to identify themselves to KeystoneJS. This can be used to restrict access to the AdminUI, and to configure access controls.


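const { PasswordAuthStrategy } = require('@keystonejs/auth-password');

// `keystone` is your Keystone instance.
const authStrategy = keystone.createAuthStrategy({
  type: PasswordAuthStrategy, // the authentication strategy to use
  list: 'User', // the list whose items can authenticate
  config: {
    /* ...strategy-specific config */
  },
});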

You then provide authStrategy to apps that facilitate login (typically the Admin UI):

module.exports = {
  // Passing authStrategy lets the Admin UI handle login.
  apps: [new AdminUIApp({ authStrategy })],
};


Option   Type           Default      Description
type     AuthStrategy   (required)   A valid authentication strategy.
list     String         (required)   The list that contains an authenticated item, for example a user.
config   Object         {}           Strategy-specific config options.

Note: Different authentication strategies may have additional config options. See the documentation for individual authentication strategies for more details.


type: A valid authentication strategy.


list: Authentication strategies need to authenticate an item in a Keystone list (typically a User). The authenticated item will be provided to access control functions.
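An added example, not taken from the KeystoneJS documentation: access control functions that consume the item authenticated by the strategy and fail closed for anonymous requests or items from another list. The `isAdmin` field, the helper names and the sample contexts are assumptions constructed for illustration.

```javascript
// Must match the `list` option given to createAuthStrategy.
const AUTH_LIST = 'User';

// Return the authenticated item only when it comes from the expected list.
// Anonymous requests carry no item; both cases yield null (fail closed).
const authedUser = ({ authentication: { item, listKey } = {} } = {}) =>
  item && listKey === AUTH_LIST ? item : null;

// Imperative rule: a plain boolean. `isAdmin` is an assumed Checkbox field.
const userIsAdmin = (ctx) => {
  const user = authedUser(ctx);
  return Boolean(user && user.isAdmin === true);
};

// Declarative rule: admins see everything, other users get a GraphQL
// `where` filter limiting them to their own record, anonymous gets nothing.
const userIsAdminOrSelf = (ctx) => {
  if (userIsAdmin(ctx)) return true;
  const user = authedUser(ctx);
  return user ? { id: user.id } : false;
};

// Shape of the `access` option you would pass to keystone.createList('User', ...).
const userListAccess = {
  read: userIsAdminOrSelf,
  update: userIsAdminOrSelf,
  create: userIsAdmin,
  delete: userIsAdmin,
};

// Constructed sample contexts standing in for what Keystone passes at runtime.
const sampleContexts = {
  anonymous: { authentication: {} },
  member: { authentication: { item: { id: 'u1', isAdmin: false }, listKey: 'User' } },
  admin: { authentication: { item: { id: 'u2', isAdmin: true }, listKey: 'User' } },
  otherList: { authentication: { item: { id: 'c1', isAdmin: true }, listKey: 'Customer' } },
};

// Evaluate one operation's rule against every sample context.
function evaluate(operation) {
  const out = {};
  for (const [name, ctx] of Object.entries(sampleContexts)) {
    out[name] = userListAccess[operation](ctx);
  }
  return out;
}

console.log(evaluate('read'), evaluate('delete'));
```

The `listKey` check matters when more than one list has an auth strategy: an item from another list with a truthy `isAdmin` field is not treated as an administrator.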
