await uthentic.login();
The most basic usage of Uthentic is simply calling uthentic.login()
. The login
method will return a promise that is resolved
when the login sequence is complete and the user's identity has been validated. The login
method performs the following steps with no setup and
no additional code.
Whenever a user is logged in, you can access the uthentic.user
object that contains information about the currently logged in user and the their account.
{
"id": "0atMntshIh...", //unique 32-char identifier for this user
"accountID": "ufUjO4I6tB...", //unique 32-char identifier for this account
"token": "CXTaG5Vxvq...", //an encrypted token that identifies this user (see: Server-Side Auth)
"profile": {
"email": "john.doe@example.com",
"firstName": "John",
"lastName": "Doe",
"name": "John Doe"
},
"role": "Owner" //the Role of this user for this account
}
When a user logs in, Uthentic stores a token on their device. This token is valid for 34 days. Uthentic automatically validates the token in the background once every 15 minutes. If a user does not visit your site for 34 days, their user token will expire. When they visit your site again, they will have to log back in.
To force re-validation of a user at any point (such as when permissions are changed), you can call:
await uthentic.auth(true);
You can access information about the user in JavaScript via the uthentic.user
object (more info).
Of particula importance is the uthentic.user.token
property. Once this value is passed to your backend, you can make an API call to Uthentic to
verify the validity of the token, confirming that a user is actually who they say they are.
API call to validate a user-token
POST https://auth.uthentic.net/api/v2020-10-25/validate-token
HEADERS:
x-secret-key={your-secret-key}
x-auth-token={the-auth-token-of-your-user}
BODY:
empty body
Success response (JSON)
{
"success": true,
"accountID": "ufUjO4I6tB...",
"userID": "0atMntshIh...",
"emailAddress": "john.doe@example.com"
}
Failure response (JSON)
{
"success": false,
"error": "Unauthorized",
"details": "User creds not for this app"
}
Uthentic provides a couple of helper methods that include x-app-id
and x-auth-token
headers containing the app id and the user's token, respectively.
x-app-id
and x-auth-token
headers, expecting a JSON response. Returns a promise that resolves into a JavaScript object.var result = await uthentic.get(myURL);
form-urlencoded POST
request including x-app-id
and x-auth-token
headers, expecting a JSON response.
Returns a promise that resolves into a Javascript object.
var result = await uthentic.post(myURL, dataToPost);