netlify-identity
Netlify Identity
Netlify Identity is a user management service for signups, logins, password recovery, user metadata, and role-based access control. It is built on GoTrue and issues JSON Web Tokens (JWTs).
Always use @netlify/identity. Never use netlify-identity-widget or gotrue-js — they are deprecated. @netlify/identity provides a unified, headless TypeScript API that works in both browser and server contexts (Netlify Functions, Edge Functions, SSR frameworks).
Dashboard configuration (user handoff required)
All Identity instance configuration is dashboard-only — there is no public API. The agent owns the code, deploys, and the handoff checklist; the user owns flipping dashboard settings. Outside of a Netlify Agent Runner deploy, the Identity instance must be enabled in the dashboard before any auth flow will work. If you write Identity code first and only discover this when /.netlify/identity/signup 404s after a production deploy, that's wasted work — surface the dashboard handoff up front instead.
Dashboard URL pattern: https://app.netlify.com/projects/<project-slug>/configuration/identity (it's under project configuration — not under Integrations, and not a top-level sidebar item).
Dashboard-only operations
- Enable Identity — turns the Identity instance on for the site. Required before any auth flow works.
- Registration mode — Open (anyone can sign up, the default) or Invite only.
- Autoconfirm — ON skips the email-confirmation step on signup; OFF requires the new user to click a confirmation email before they can log in.
- External providers — Add Google / GitHub / GitLab / Bitbucket / Facebook. The "Use Netlify's app" option means no
client_id/secretneeded — good for prototypes. Adding an OAuth provider does NOT disable email/password — email/password is always available unless the front-end omits it. - Custom email templates / SMTP — advanced; out of scope for typical prototypes.