Use Ghost members auth to log-in to custom app via cookies


This is definitely doable but it’s gonna be a hack either way as these are not publicly documented or stable methods.

You can either get a JWT for a member and use that to authenticate into your application, but this won’t handle logout when the member logs out of Ghost. Or you can use the cookies like you say, but this will be a little more involved and require your app to be running on the same domain so that the cookies can be shared.

External auth with JWT

You can make a GET request to /members/ssr in your theme which will give you a JWT and then send that to your application to validate (with members_public_key in the settings) and initiate a session. An example of a call to this endpoint is here:

External auth with cookies

For this to work your app will have to be on the same domain as your Ghost site so they can share cookies.

You can take a look at the members-ssr package here: Members/packages/members-ssr at main · TryGhost/Members · GitHub and use the getMemberDataFromSession method. In order to use this you’ll have to pass in the required settings which you can get from the Ghost settings table. You’ll also have to pass in a getMembersApi function which returns a proxy to a members API object - the only method you’ll need is this one: Members/index.js at main · TryGhost/Members · GitHub

To implement this method you’ll need to use either the admin API or read from the db.

Hope this gives you a good start :relaxed: