Passer au contenu principal

Overview

Authentication module for managing user authentication and authorization. The module automatically stores tokens in local storage when available and manages authorization headers for API requests.

Features

This module provides comprehensive authentication functionality including:
  • Email/password login and registration
  • Token management
  • User profile access and updates
  • Password reset flows
  • OTP verification
  • User invitations

Authentication Modes

The auth module is only available in user authentication mode (base44.auth).

Methods

me()

me(): Promise<User>
Gets the current authenticated user’s information.

Returns

User An authenticated user.
id
string
requis
Unique user identifier.
created_date
string
requis
When the user was created.
updated_date
string
requis
When the user was last updated.
email
string
requis
User’s email address.
full_name
string | null
requis
User’s full name.
disabled
boolean | null
requis
Whether the user is disabled.
is_verified
boolean
requis
Whether the user’s email has been verified.
app_id
string
requis
The app ID this user belongs to.
is_service
boolean
requis
Whether this is a service account.
role
string
requis
User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.
[key: string]
any
Additional custom fields defined in the user schema. Any custom properties added to the user schema in the app will be available here with their configured types and values.

Example


updateMe()

updateMe(data): Promise<User>
Updates the current authenticated user’s information. You can update role and any custom fields defined in your User entity schema. The role value must be either 'user' or 'admin'.
The following fields are read-only and can’t be changed with this method: id, email, full_name, created_date, updated_date, and created_by.

Parameters

data
Record<string, any>
requis
Object containing the fields to update.

Returns

User An authenticated user.
id
string
requis
Unique user identifier.
created_date
string
requis
When the user was created.
updated_date
string
requis
When the user was last updated.
email
string
requis
User’s email address.
full_name
string | null
requis
User’s full name.
disabled
boolean | null
requis
Whether the user is disabled.
is_verified
boolean
requis
Whether the user’s email has been verified.
app_id
string
requis
The app ID this user belongs to.
is_service
boolean
requis
Whether this is a service account.
role
string
requis
User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.
[key: string]
any
Additional custom fields defined in the user schema. Any custom properties added to the user schema in the app will be available here with their configured types and values.

Example


redirectToLogin()

redirectToLogin(nextUrl): void
Redirects the user to the app’s login page. Redirects with a callback URL to return to after successful authentication. Requires a browser environment and can’t be used in the backend.

Parameters

nextUrl
string
requis
URL to redirect to after successful login.

Returns

void

Throws

When not in a browser environment.

Examples


loginWithProvider()

loginWithProvider(provider, fromUrl?): void
Redirects the user to a third-party authentication provider’s login page. Initiates an OAuth login flow with one of the built-in providers. Requires a browser environment and can’t be used in the backend. Supported providers:
  • 'google': Google OAuth. Enabled by default.
  • 'microsoft': Microsoft OAuth. Enable Microsoft in your app’s authentication settings before specifying this provider.
  • 'facebook': Facebook Login. Enable Facebook in your app’s authentication settings before using.
  • 'apple': Sign in with Apple. Enable Apple in your app’s authentication settings before using this provider.
  • 'sso': Enterprise SSO. Set up an SSO provider in your app’s authentication settings before using this provider.

Parameters

provider
string
requis
The authentication provider to use: 'google', 'microsoft', 'facebook', 'apple', or 'sso'.
fromUrl
string
URL to redirect to after successful authentication. Defaults to '/'.

Returns

void

Examples


logout()

logout(redirectUrl?): void
Logs out the current user. Removes the authentication token from local storage and Axios headers, then optionally redirects to a URL or reloads the page. Requires a browser environment and can’t be used in the backend.

Parameters

redirectUrl
string
Optional URL to redirect to after logout. Reloads the page if not provided.

Returns

void

Examples


setToken()

setToken(token, saveToStorage?): void
Sets the authentication token. Updates the authorization header for API requests and optionally saves the token to local storage for persistence. Saving to local storage requires a browser environment and is automatically skipped in backend environments.

Parameters

token
string
requis
JWT authentication token.
saveToStorage
boolean
Whether to save the token to local storage. Defaults to true.

Returns

void

Examples


loginViaEmailPassword()

loginViaEmailPassword(
email,
password,
turnstileToken?
): Promise<LoginResponse>
Logs in a registered user using email and password. Authenticates a user with email and password credentials. The user must already have a registered account. For new users, use register() first to create an account. On successful login, automatically sets the token for subsequent requests.

Parameters

email
string
requis
User’s email address.
password
string
requis
User’s password.
turnstileToken
string
Optional Cloudflare Turnstile CAPTCHA token for bot protection.

Returns

LoginResponse Response from login endpoints containing user information and access token.
access_token
string
requis
JWT access token for authentication.
user
User
requis
User information.
id
string
requis
Unique user identifier.
created_date
string
requis
When the user was created.
updated_date
string
requis
When the user was last updated.
email
string
requis
User’s email address.
full_name
string | null
requis
User’s full name.
disabled
boolean | null
requis
Whether the user is disabled.
is_verified
boolean
requis
Whether the user’s email has been verified.
app_id
string
requis
The app ID this user belongs to.
is_service
boolean
requis
Whether this is a service account.
role
string
requis
User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.

Examples


isAuthenticated()

isAuthenticated(): Promise<boolean>
Checks if the current user is authenticated.

Returns

Promise<boolean> Promise resolving to true if authenticated, false otherwise.

Example


inviteUser()

inviteUser(userEmail, role): Promise<any>
Invites a user to the app. Sends an invitation email to a potential user with a specific role. Roles are configured in the app settings and determine the user’s permissions and access levels.

Parameters

userEmail
string
requis
Email address of the user to invite.
role
string
requis
Role to assign to the invited user. Must match a role defined in the app. For example, 'admin' or 'user'.

Returns

Promise<any> Promise that resolves when the invitation is sent successfully. Throws an error if the invitation fails.

Example


register()

register(params): Promise<any>
Registers a new user account. Creates a new user account with email and password. Registration sends an OTP code to the user’s email. Pass that code to verifyOtp() to complete verification, then log the user in with loginViaEmailPassword().

Parameters

params
RegisterParams
requis
Registration details including email, password, and optional fields.
email
string
requis
User’s email address.
password
string
requis
User’s password.
turnstile_token
string | null
Optional Cloudflare Turnstile CAPTCHA token for bot protection.
referral_code
string | null
Optional referral code from an existing user.

Returns

Promise<any> Promise resolving to the registration response.

Example


verifyOtp()

verifyOtp(params): Promise<any>
Verifies an OTP (one-time password) code. Confirms that the user owns the email address by checking the code sent to their inbox during register(). After a successful call, log the user in with loginViaEmailPassword(). If the code has expired or the user didn’t receive it, send a fresh one with resendOtp().

Parameters

params
VerifyOtpParams
requis
The email being verified and the OTP code the user entered.
email
string
requis
User’s email address.
otpCode
string
requis
One-time password code received by email.

Returns

Promise<any> Promise resolving to the verification response, which includes an access token for the now-verified user.

Throws

Error if the OTP code is invalid or expired.

Examples


resendOtp()

resendOtp(email): Promise<any>
Resends an OTP code to the user’s email address. Call this when the user didn’t receive the original code sent by register(), or when the previous code has expired. The new code replaces the previous one. Pass it to verifyOtp() to complete verification.

Parameters

email
string
requis
Email address to send the new OTP to.

Returns

Promise<any> Promise resolving once the new OTP has been sent, with a confirmation message and the new code’s expiration window.

Throws

Error if the email is invalid or the request fails.

Example


resetPasswordRequest()

resetPasswordRequest(email): Promise<any>
Requests a password reset. Sends a password reset email to the specified email address.

Parameters

email
string
requis
Email address for the account to reset.

Returns

Promise<any> Promise resolving when the password reset email is sent successfully.

Throws

Error if the email is invalid or the request fails.

Example


resetPassword()

resetPassword(params): Promise<any>
Resets password using a reset token. Completes the password reset flow by setting a new password using the token received by email.

Parameters

params
ResetPasswordParams
requis
Object containing the reset token and new password.
resetToken
string
requis
Reset token received by email.
newPassword
string
requis
New password to set.

Returns

Promise<any> Promise resolving when the password is reset successfully.

Throws

Error if the reset token is invalid, expired, or the request fails.

Example


changePassword()

changePassword(params): Promise<any>
Changes the user’s password. Updates the password for an authenticated user by verifying the current password and setting a new one.

Parameters

params
ChangePasswordParams
requis
Object containing user ID, current password, and new password.
userId
string
requis
User ID.
currentPassword
string
requis
Current password for verification.
newPassword
string
requis
New password to set.

Returns

Promise<any> Promise resolving when the password is changed successfully.

Throws

Error if the current password is incorrect or the request fails.

Example