Overview

Authentication module for managing user authentication and authorization. The module automatically stores tokens in local storage when available and manages authorization headers for API requests.

Features

This module provides comprehensive authentication functionality including:
  • Email/password login and registration
  • Token management
  • User profile access and updates
  • Password reset flows
  • OTP verification
  • User invitations

Authentication Modes

The auth module is only available in user authentication mode (base44.auth).

Methods

me()

me(): Promise<User>
Gets the current authenticated user’s information.

Returns

User: An authenticated user.
  • id (string, required): Unique user identifier.
  • created_date (string, required): When the user was created.
  • updated_date (string, required): When the user was last updated.
  • email (string, required): User’s email address.
  • full_name (string | null, required): User’s full name.
  • disabled (boolean | null, required): Whether the user is disabled.
  • is_verified (boolean, required): Whether the user’s email has been verified.
  • app_id (string, required): The app ID this user belongs to.
  • is_service (boolean, required): Whether this is a service account.
  • role (string, required): User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.
  • [key: string] (any): Additional custom fields defined in the user schema. Any custom properties added to the user schema in the app will be available here with their configured types and values.

Example

const user = await base44.auth.me();
console.log(`Logged in as: ${user.email}`);
console.log(`User ID: ${user.id}`);

updateMe()

updateMe(data): Promise<User>
Updates the current authenticated user’s information. You can update role and any custom fields defined in your User entity schema. The role value must be either 'user' or 'admin'.
The following fields are read-only and can’t be changed with this method: id, email, full_name, created_date, updated_date, and created_by.

Parameters

  • data (Record<string, any>, required): Object containing the fields to update.

Returns

User: An authenticated user.
  • id (string, required): Unique user identifier.
  • created_date (string, required): When the user was created.
  • updated_date (string, required): When the user was last updated.
  • email (string, required): User’s email address.
  • full_name (string | null, required): User’s full name.
  • disabled (boolean | null, required): Whether the user is disabled.
  • is_verified (boolean, required): Whether the user’s email has been verified.
  • app_id (string, required): The app ID this user belongs to.
  • is_service (boolean, required): Whether this is a service account.
  • role (string, required): User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.
  • [key: string] (any): Additional custom fields defined in the user schema. Any custom properties added to the user schema in the app will be available here with their configured types and values.

Example

await base44.auth.updateMe({
  role: 'admin',
  bio: 'Software developer',
  preferences: { theme: 'dark' }
});
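
updateMe() accepts role alongside custom fields, so an object built from form input should be reduced to the fields the form is meant to edit before it is passed in. The following is an added example, not SDK code: buildProfileUpdate, its editableFields argument and the allowRole option are hypothetical names, and the sample input is constructed.

```javascript
// Added example: allow-list the fields a profile form may send to updateMe().
// buildProfileUpdate is a hypothetical helper, not part of the SDK.
// Read-only fields and accepted role values are the ones listed for updateMe().
const READ_ONLY_FIELDS = new Set([
  'id', 'email', 'full_name', 'created_date', 'updated_date', 'created_by',
]);
const VALID_ROLES = new Set(['user', 'admin']);

function buildProfileUpdate(input, editableFields, { allowRole = false } = {}) {
  const editable = new Set(editableFields);
  const update = {};
  const rejected = [];
  for (const key of Object.keys(input ?? {})) {
    if (READ_ONLY_FIELDS.has(key)) {
      rejected.push(key);
    } else if (key === 'role') {
      // role is forwarded only when the caller opts in and the value is valid.
      if (allowRole && VALID_ROLES.has(input.role)) update.role = input.role;
      else rejected.push(key);
    } else if (editable.has(key)) {
      update[key] = input[key];
    } else {
      rejected.push(key); // anything not listed, e.g. "__proto__" or "constructor"
    }
  }
  return { update, rejected };
}

// Constructed sample: a parsed request body from a profile form.
const formBody = JSON.parse(
  '{"bio":"Software developer","role":"admin","email":"other@example.com",' +
  '"__proto__":{"isAdmin":true},"preferences":{"theme":"dark"}}'
);
const { update, rejected } = buildProfileUpdate(formBody, ['bio', 'preferences']);
console.log('forwarded:', update);
console.log('dropped:', rejected);

// In the app: await base44.auth.updateMe(update);
```

Logging the rejected keys gives a signal when a client sends fields the form never offers.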

redirectToLogin()

redirectToLogin(nextUrl): void
Redirects the user to the app’s login page. Redirects with a callback URL to return to after successful authentication. Requires a browser environment and can’t be used in the backend.

Parameters

  • nextUrl (string, required): URL to redirect to after successful login.

Returns

void

Throws

When not in a browser environment.

Examples

base44.auth.redirectToLogin(window.location.href);

loginWithProvider()

loginWithProvider(provider, fromUrl?): void
Redirects the user to a third-party authentication provider’s login page. Initiates an OAuth login flow with one of the built-in providers. Requires a browser environment and can’t be used in the backend. Supported providers:
  • 'google': Google OAuth. Enabled by default.
  • 'microsoft': Microsoft OAuth. Enable Microsoft in your app’s authentication settings before specifying this provider.
  • 'facebook': Facebook Login. Enable Facebook in your app’s authentication settings before using.
  • 'apple': Sign in with Apple. Enable Apple in your app’s authentication settings before using this provider.
  • 'sso': Enterprise SSO. Set up an SSO provider in your app’s authentication settings before using this provider.

Parameters

  • provider (string, required): The authentication provider to use: 'google', 'microsoft', 'facebook', 'apple', or 'sso'.
  • fromUrl (string): URL to redirect to after successful authentication. Defaults to '/'.

Returns

void

Examples

base44.auth.loginWithProvider('google', window.location.pathname);

logout()

logout(redirectUrl?): void
Logs out the current user. Removes the authentication token from local storage and Axios headers, then optionally redirects to a URL or reloads the page. Requires a browser environment and can’t be used in the backend.

Parameters

  • redirectUrl (string): Optional URL to redirect to after logout. Reloads the page if not provided.

Returns

void

Examples

base44.auth.logout();
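
The nextUrl, fromUrl and redirectUrl arguments of redirectToLogin(), loginWithProvider() and logout() are redirect targets; when the value comes from a query parameter rather than window.location, limit it to the app's own origin first. The following is an added example, not part of the SDK: safeNextUrl and the "next" parameter name are hypothetical, and the sample origins and inputs are constructed.

```javascript
// Added example: keep post-login/logout redirect targets on the app's own origin.
// safeNextUrl is a hypothetical helper, not an SDK function.
function safeNextUrl(candidate, appOrigin, fallback = '/') {
  if (typeof candidate !== 'string' || candidate.length === 0) return fallback;
  // Backslashes and control characters are rewritten by URL parsers
  // ("/\host" is treated like "//host"), so reject them before parsing.
  if (/[\\\u0000-\u001f\u007f]/.test(candidate)) return fallback;

  let url;
  try {
    // Relative input resolves against appOrigin; absolute input keeps its own origin.
    url = new URL(candidate, appOrigin);
    // Non-http(s) schemes such as javascript: or data: are never valid targets.
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return fallback;
    if (url.origin !== new URL(appOrigin).origin) return fallback;
  } catch {
    return fallback; // unparsable candidate or appOrigin
  }

  // Hand back only path + query + fragment, so the result cannot name a host.
  const target = url.pathname + url.search + url.hash;
  // "//host/..." would be read as protocol-relative by the next consumer.
  return target.startsWith('//') ? fallback : target;
}

// Constructed inputs: values a ?next= parameter might carry.
const APP = 'https://app.example';
const SAMPLES = [
  '/dashboard?tab=billing',
  'https://app.example/settings#profile',
  'https://evil.example/',
  '//evil.example/login',
  '/.//evil.example',
  '/\\evil.example',
  'javascript:alert(1)',
];
for (const s of SAMPLES) console.log(JSON.stringify(s), '->', safeNextUrl(s, APP));

// In the browser (assumes the target arrives in a "next" query parameter):
//   const next = new URLSearchParams(window.location.search).get('next');
//   base44.auth.loginWithProvider('google', safeNextUrl(next, window.location.origin));
```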

setToken()

setToken(token, saveToStorage?): void
Sets the authentication token. Updates the authorization header for API requests and optionally saves the token to local storage for persistence. Saving to local storage requires a browser environment and is automatically skipped in backend environments.

Parameters

  • token (string, required): JWT authentication token.
  • saveToStorage (boolean): Whether to save the token to local storage. Defaults to true.

Returns

void

Examples

base44.auth.setToken('eyJhbGciOiJIUzI1NiIs...');

loginViaEmailPassword()

loginViaEmailPassword(
email,
password,
turnstileToken?
): Promise<LoginResponse>
Logs in a registered user using email and password. Authenticates a user with email and password credentials. The user must already have a registered account. For new users, use register() first to create an account. On successful login, automatically sets the token for subsequent requests.

Parameters

  • email (string, required): User’s email address.
  • password (string, required): User’s password.
  • turnstileToken (string): Optional Cloudflare Turnstile CAPTCHA token for bot protection.

Returns

LoginResponse: Response from login endpoints containing user information and access token.
  • access_token (string, required): JWT access token for authentication.
  • user (User, required): User information.
      • id (string, required): Unique user identifier.
      • created_date (string, required): When the user was created.
      • updated_date (string, required): When the user was last updated.
      • email (string, required): User’s email address.
      • full_name (string | null, required): User’s full name.
      • disabled (boolean | null, required): Whether the user is disabled.
      • is_verified (boolean, required): Whether the user’s email has been verified.
      • app_id (string, required): The app ID this user belongs to.
      • is_service (boolean, required): Whether this is a service account.
      • role (string, required): User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.

Examples

try {
  const { access_token, user } = await base44.auth.loginViaEmailPassword(
    'user@example.com',
    'securePassword123'
  );
  console.log('Login successful!', user);
} catch (error) {
  console.error('Login failed:', error);
}

isAuthenticated()

isAuthenticated(): Promise<boolean>
Checks if the current user is authenticated.

Returns

Promise<boolean> Promise resolving to true if authenticated, false otherwise.

Example

const isAuthenticated = await base44.auth.isAuthenticated();
if (isAuthenticated) {
  console.log('User is logged in');
} else {
  // Redirect to login page
  base44.auth.redirectToLogin(window.location.href);
}

inviteUser()

inviteUser(userEmail, role): Promise<any>
Invites a user to the app. Sends an invitation email to a potential user with a specific role. Roles are configured in the app settings and determine the user’s permissions and access levels.

Parameters

  • userEmail (string, required): Email address of the user to invite.
  • role (string, required): Role to assign to the invited user. Must match a role defined in the app. For example, 'admin' or 'user'.

Returns

Promise<any> Promise that resolves when the invitation is sent successfully. Throws an error if the invitation fails.

Example

try {
  await base44.auth.inviteUser('newuser@example.com', 'user');
  console.log('Invitation sent successfully!');
} catch (error) {
  console.error('Failed to send invitation:', error);
}

register()

register(params): Promise<any>
Registers a new user account. Creates a new user account with email and password. Registration sends an OTP code to the user’s email. Pass that code to verifyOtp() to complete verification, then log the user in with loginViaEmailPassword().

Parameters

  • params (RegisterParams, required): Registration details including email, password, and optional fields.
      • email (string, required): User’s email address.
      • password (string, required): User’s password.
      • turnstile_token (string | null): Optional Cloudflare Turnstile CAPTCHA token for bot protection.
      • referral_code (string | null): Optional referral code from an existing user.

Returns

Promise<any> Promise resolving to the registration response.

Example

await base44.auth.register({
  email: 'newuser@example.com',
  password: 'securePassword123',
  referral_code: 'FRIEND2024'
});

// Verify with the OTP code from the user's email
await base44.auth.verifyOtp({
  email: 'newuser@example.com',
  otpCode: '123456'
});

// Log the user in after verification
const { access_token, user } = await base44.auth.loginViaEmailPassword(
  'newuser@example.com',
  'securePassword123'
);

verifyOtp()

verifyOtp(params): Promise<any>
Verifies an OTP (one-time password) code. Confirms that the user owns the email address by checking the code sent to their inbox during register(). After a successful call, log the user in with loginViaEmailPassword(). If the code has expired or the user didn’t receive it, send a fresh one with resendOtp().

Parameters

  • params (VerifyOtpParams, required): The email being verified and the OTP code the user entered.
      • email (string, required): User’s email address.
      • otpCode (string, required): One-time password code received by email.

Returns

Promise<any> Promise resolving to the verification response, which includes an access token for the now-verified user.

Throws

Error if the OTP code is invalid or expired.

Examples

try {
  await base44.auth.verifyOtp({
    email: 'user@example.com',
    otpCode: '123456'
  });
  console.log('Email verified successfully!');
} catch (error) {
  console.error('Invalid or expired OTP code');
}

resendOtp()

resendOtp(email): Promise<any>
Resends an OTP code to the user’s email address. Call this when the user didn’t receive the original code sent by register(), or when the previous code has expired. The new code replaces the previous one. Pass it to verifyOtp() to complete verification.

Parameters

  • email (string, required): Email address to send the new OTP to.

Returns

Promise<any> Promise resolving once the new OTP has been sent, with a confirmation message and the new code’s expiration window.

Throws

Error if the email is invalid or the request fails.

Example

try {
  await base44.auth.resendOtp('user@example.com');
  console.log('OTP resent! Please check your email.');
} catch (error) {
  console.error('Failed to resend OTP:', error);
}

resetPasswordRequest()

resetPasswordRequest(email): Promise<any>
Requests a password reset. Sends a password reset email to the specified email address.

Parameters

  • email (string, required): Email address for the account to reset.

Returns

Promise<any> Promise resolving when the password reset email is sent successfully.

Throws

Error if the email is invalid or the request fails.

Example

try {
  await base44.auth.resetPasswordRequest('user@example.com');
  console.log('Password reset email sent!');
} catch (error) {
  console.error('Failed to send password reset email:', error);
}

resetPassword()

resetPassword(params): Promise<any>
Resets password using a reset token. Completes the password reset flow by setting a new password using the token received by email.

Parameters

  • params (ResetPasswordParams, required): Object containing the reset token and new password.
      • resetToken (string, required): Reset token received by email.
      • newPassword (string, required): New password to set.

Returns

Promise<any> Promise resolving when the password is reset successfully.

Throws

Error if the reset token is invalid, expired, or the request fails.

Example

try {
  await base44.auth.resetPassword({
    resetToken: 'token-from-email',
    newPassword: 'newSecurePassword456'
  });
  console.log('Password reset successful!');
} catch (error) {
  console.error('Failed to reset password:', error);
}

changePassword()

changePassword(params): Promise<any>
Changes the user’s password. Updates the password for an authenticated user by verifying the current password and setting a new one.

Parameters

  • params (ChangePasswordParams, required): Object containing user ID, current password, and new password.
      • userId (string, required): User ID.
      • currentPassword (string, required): Current password for verification.
      • newPassword (string, required): New password to set.

Returns

Promise<any> Promise resolving when the password is changed successfully.

Throws

Error if the current password is incorrect or the request fails.

Example

try {
  await base44.auth.changePassword({
    userId: 'user-123',
    currentPassword: 'oldPassword123',
    newPassword: 'newSecurePassword456'
  });
  console.log('Password changed successfully!');
} catch (error) {
  console.error('Failed to change password:', error);
}