# Authentication
AI SDK RSC is currently experimental. We recommend using [AI SDK
UI](/docs/ai-sdk-ui/overview) for production. For guidance on migrating from
RSC to UI, see our [migration guide](/docs/ai-sdk-rsc/migrating-to-ui).
The RSC API makes extensive use of [`Server Actions`](https://nextjs.org/docs/app/building-your-application/data-fetching/server-actions-and-mutations) to power streaming values and UI from the server.
Server Actions are exposed as public, unprotected endpoints. As a result, you should treat Server Actions as you would public-facing API endpoints and ensure that the user is authorized to perform the action before returning any data.
```tsx filename="app/actions.tsx"
'use server';
import { cookies } from 'next/headers';
import { createStremableUI } from '@ai-sdk/rsc';
import { validateToken } from '../utils/auth';
export const getWeather = async () => {
const token = cookies().get('token');
if (!token || !validateToken(token)) {
return {
error: 'This action requires authentication',
};
}
const streamableDisplay = createStreamableUI(null);
streamableDisplay.update();
streamableDisplay.done();
return {
display: streamableDisplay.value,
};
};
```
## Navigation
- [Overview](/v5/docs/ai-sdk-rsc/overview)
- [Streaming React Components](/v5/docs/ai-sdk-rsc/streaming-react-components)
- [Managing Generative UI State](/v5/docs/ai-sdk-rsc/generative-ui-state)
- [Saving and Restoring States](/v5/docs/ai-sdk-rsc/saving-and-restoring-states)
- [Multistep Interfaces](/v5/docs/ai-sdk-rsc/multistep-interfaces)
- [Streaming Values](/v5/docs/ai-sdk-rsc/streaming-values)
- [Handling Loading State](/v5/docs/ai-sdk-rsc/loading-state)
- [Error Handling](/v5/docs/ai-sdk-rsc/error-handling)
- [Handling Authentication](/v5/docs/ai-sdk-rsc/authentication)
- [Migrating from RSC to UI](/v5/docs/ai-sdk-rsc/migrating-to-ui)
[Full Sitemap](/sitemap.md)