Skip to main content
Authentication module for managing user authentication and authorization. The module automatically stores tokens in local storage when available and manages authorization headers for API requests. This module provides comprehensive authentication functionality including:
  • Email/password login and registration
  • Token management
  • User profile access and updates
  • Password reset flows
  • OTP verification
  • User invitations
The auth module is only available in user authentication mode (base44.auth).

Methods

me()

me(): Promise<User>
Gets the current authenticated user’s information.

Returns

User An authenticated user.
id
string
required
Unique user identifier.
created_date
string
required
When the user was created.
updated_date
string
required
When the user was last updated.
email
string
required
User’s email address.
full_name
string | null
required
User’s full name.
disabled
boolean | null
required
Whether the user is disabled.
is_verified
boolean
required
Whether the user’s email has been verified.
app_id
string
required
The app ID this user belongs to.
is_service
boolean
required
Whether this is a service account.
role
string
required
User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.
[key: string]
any
Additional custom fields defined in the user schema. Any custom properties added to the user schema in the app will be available here with their configured types and values.

Example

const user = await base44.auth.me();
console.log(`Logged in as: ${user.email}`);
console.log(`User ID: ${user.id}`);

updateMe()

updateMe(data): Promise<User>
Updates the current authenticated user’s information. Only the fields included in the data object will be updated. Commonly updated fields include full_name and custom profile fields.

Parameters

data
Partial<Omit<User, ... | ... | ...>>
required
Object containing the fields to update.
id
string
required
Unique user identifier.
created_date
string
required
When the user was created.
updated_date
string
required
When the user was last updated.
email
string
required
User’s email address.
full_name
string | null
required
User’s full name.
disabled
boolean | null
required
Whether the user is disabled.
is_verified
boolean
required
Whether the user’s email has been verified.
app_id
string
required
The app ID this user belongs to.
is_service
boolean
required
Whether this is a service account.
role
string
required
User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.

Returns

User An authenticated user.
id
string
required
Unique user identifier.
created_date
string
required
When the user was created.
updated_date
string
required
When the user was last updated.
email
string
required
User’s email address.
full_name
string | null
required
User’s full name.
disabled
boolean | null
required
Whether the user is disabled.
is_verified
boolean
required
Whether the user’s email has been verified.
app_id
string
required
The app ID this user belongs to.
is_service
boolean
required
Whether this is a service account.
role
string
required
User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.
[key: string]
any
Additional custom fields defined in the user schema. Any custom properties added to the user schema in the app will be available here with their configured types and values.

Examples

const updatedUser = await base44.auth.updateMe({
  full_name: 'John Doe'
});
console.log(`Updated user: ${updatedUser.full_name}`);

redirectToLogin()

redirectToLogin(nextUrl): void
Redirects the user to the app’s login page. Redirects with a callback URL to return to after successful authentication. Requires a browser environment and can’t be used in the backend.

Parameters

nextUrl
string
required
URL to redirect to after successful login.

Returns

void

Throws

When not in a browser environment.

Examples

base44.auth.redirectToLogin(window.location.href);

logout()

logout(redirectUrl?): void
Logs out the current user. Removes the authentication token from local storage and Axios headers, then optionally redirects to a URL or reloads the page. Requires a browser environment and can’t be used in the backend.

Parameters

redirectUrl
string
Optional URL to redirect to after logout. Reloads the page if not provided.

Returns

void

Examples

base44.auth.logout();

setToken()

setToken(token, saveToStorage?): void
Sets the authentication token. Updates the authorization header for API requests and optionally saves the token to local storage for persistence. Saving to local storage requires a browser environment and is automatically skipped in backend environments.

Parameters

token
string
required
JWT authentication token.
saveToStorage
boolean
Whether to save the token to local storage. Defaults to true.

Returns

void

Examples

base44.auth.setToken('eyJhbGciOiJIUzI1NiIs...');

loginViaEmailPassword()

loginViaEmailPassword(email, password, turnstileToken?): Promise<LoginResponse>
Logs in a registered user using email and password. Authenticates a user with email and password credentials. The user must already have a registered account. For new users, use register() first to create an account. On successful login, automatically sets the token for subsequent requests.

Parameters

email
string
required
User’s email address.
password
string
required
User’s password.
turnstileToken
string
Optional Cloudflare Turnstile CAPTCHA token for bot protection.

Returns

LoginResponse Response from login endpoints containing user information and access token.
access_token
string
required
JWT access token for authentication.
user
User
required
User information.
id
string
required
Unique user identifier.
created_date
string
required
When the user was created.
updated_date
string
required
When the user was last updated.
email
string
required
User’s email address.
full_name
string | null
required
User’s full name.
disabled
boolean | null
required
Whether the user is disabled.
is_verified
boolean
required
Whether the user’s email has been verified.
app_id
string
required
The app ID this user belongs to.
is_service
boolean
required
Whether this is a service account.
role
string
required
User’s role in the app. Roles are configured in the app settings and determine the user’s permissions and access levels.

Examples

try {
  const { access_token, user } = await base44.auth.loginViaEmailPassword(
    '[email protected]',
    'securePassword123'
  );
  console.log('Login successful!', user);
} catch (error) {
  console.error('Login failed:', error);
}

isAuthenticated()

isAuthenticated(): Promise<boolean>
Checks if the current user is authenticated.

Returns

Promise<boolean> Promise resolving to true if authenticated, false otherwise.

Example

const isAuthenticated = await base44.auth.isAuthenticated();
if (isAuthenticated) {
  console.log('User is logged in');
} else {
  // Redirect to login page
  base44.auth.redirectToLogin(window.location.href);
}

inviteUser()

inviteUser(userEmail, role): Promise<any>
Invites a user to the app. Sends an invitation email to a potential user with a specific role. Roles are configured in the app settings and determine the user’s permissions and access levels.

Parameters

userEmail
string
required
Email address of the user to invite.
role
string
required
Role to assign to the invited user. Must match a role defined in the app. For example, 'admin' or 'user'.

Returns

Promise<any> Promise that resolves when the invitation is sent successfully. Throws an error if the invitation fails.

Example

  await base44.auth.inviteUser('[email protected]', 'user');
  console.log('Invitation sent successfully!');
} catch (error) {
  console.error('Failed to send invitation:', error);
}

register()

register(params): Promise<any>
Registers a new user account. Creates a new user account with email and password. After successful registration, use loginViaEmailPassword() to log in the user.

Parameters

params
RegisterParams
required
Registration details including email, password, and optional fields.
email
string
required
User’s email address.
password
string
required
User’s password.
turnstile_token
string | null
Optional Cloudflare Turnstile CAPTCHA token for bot protection.
referral_code
string | null
Optional referral code from an existing user.

Returns

Promise<any> Promise resolving to the registration response.

Example

await base44.auth.register({
  email: '[email protected]',
  password: 'securePassword123',
  referral_code: 'FRIEND2024'
});

// Login after registration
const { access_token, user } = await base44.auth.loginViaEmailPassword(
  '[email protected]',
  'securePassword123'
);

verifyOtp()

verifyOtp(params): Promise<any>
Verifies an OTP (One-time password) code. Validates an OTP code sent to the user’s email during registration or authentication.

Parameters

params
VerifyOtpParams
required
Object containing email and OTP code.
email
string
required
User’s email address.
otpCode
string
required
One-time password code received by email.

Returns

Promise<any> Promise resolving to the verification response if valid.

Throws

Error if the OTP code is invalid, expired, or verification fails.

Example

  await base44.auth.verifyOtp({
    email: '[email protected]',
    otpCode: '123456'
  });
  console.log('Email verified successfully!');
} catch (error) {
  console.error('Invalid or expired OTP code');
}

resendOtp()

resendOtp(email): Promise<any>
Resends an OTP code to the user’s email address. Requests a new OTP code to be sent to the specified email address.

Parameters

email
string
required
Email address to send the OTP to.

Returns

Promise<any> Promise resolving when the OTP is sent successfully.

Throws

Error if the email is invalid or the request fails.

Example

  await base44.auth.resendOtp('[email protected]');
  console.log('OTP resent! Please check your email.');
} catch (error) {
  console.error('Failed to resend OTP:', error);
}

resetPasswordRequest()

resetPasswordRequest(email): Promise<any>
Requests a password reset. Sends a password reset email to the specified email address.

Parameters

email
string
required
Email address for the account to reset.

Returns

Promise<any> Promise resolving when the password reset email is sent successfully.

Throws

Error if the email is invalid or the request fails.

Example

  await base44.auth.resetPasswordRequest('[email protected]');
  console.log('Password reset email sent!');
} catch (error) {
  console.error('Failed to send password reset email:', error);
}

resetPassword()

resetPassword(params): Promise<any>
Resets password using a reset token. Completes the password reset flow by setting a new password using the token received by email.

Parameters

params
ResetPasswordParams
required
Object containing the reset token and new password.
resetToken
string
required
Reset token received by email.
newPassword
string
required
New password to set.

Returns

Promise<any> Promise resolving when the password is reset successfully.

Throws

Error if the reset token is invalid, expired, or the request fails.

Example

  await base44.auth.resetPassword({
    resetToken: 'token-from-email',
    newPassword: 'newSecurePassword456'
  });
  console.log('Password reset successful!');
} catch (error) {
  console.error('Failed to reset password:', error);
}

changePassword()

changePassword(params): Promise<any>
Changes the user’s password. Updates the password for an authenticated user by verifying the current password and setting a new one.

Parameters

params
ChangePasswordParams
required
Object containing user ID, current password, and new password.
userId
string
required
User ID.
currentPassword
string
required
Current password for verification.
newPassword
string
required
New password to set.

Returns

Promise<any> Promise resolving when the password is changed successfully.

Throws

Error if the current password is incorrect or the request fails.

Example

  await base44.auth.changePassword({
    userId: 'user-123',
    currentPassword: 'oldPassword123',
    newPassword: 'newSecurePassword456'
  });
  console.log('Password changed successfully!');
} catch (error) {
  console.error('Failed to change password:', error);
}