Skip to main content

Overview

The Auth Api provides a complete set of authentication-related features, supporting various log-in methods, user management, and session management. The Auth Api is divided into 7 categories by purpose. Each category contains related Api methods, helping developers quickly find suitable APIs depending on specific needs.

Note

v3 version uses the open capability of Identity Verification HTTP API when calling relevant API for identity verification.

Basic Usage Examples

Publishable Key can go to Cloud Development Platform/API Key Configuration to generate

auth.detectSessionInUrl is an optional parameter for initialization. After configuration, it can automatically detect OAuth parameters (code, state) in the URL, suitable for usage scenarios such as signInWithOAuth and linkIdentity.

import cloudbase from "@cloudbase/js-sdk";

// Initialize it.
const app = cloudbase.init({
  env: "your-env-id", // Replace this value with your environment ID
  region: "ap-shanghai", // Region, defaults to Shanghai
  accessKey: "", // Fill in the generated Publishable Key
  auth: {
    detectSessionInUrl: true, // Option: automatically detect OAuth parameters in the URL, suitable for signInWithOAuth, linkIdentity
  },
});

const auth = app.auth;

Authentication login

signUp

async signUp(params: SignUpReq): Promise<SignUpRes>

Register a new user account, implement intelligent registration and login process.

Note

Phone number verification code registration is only supported in the Shanghai region

-Create a new user account -Implement intelligent registration and login process: send verification code → wait for user input → intelligently determine user existence → automatically log in or register and sign in. -If the user already exists, log in directly. If the user does not exist, register a new user and automatically log in.

参数

params
SignUpReq

返回

Promise
SignUpRes

示例

Step 1: Send a mailbox verification code and store verificationInfo.
const { data, error } = await auth.signUp({
  email: "newuser@example.com",
  password: "securePassword123",
  username: "newuser",
});

if (error) {
console.error("send Captcha failed:", error.message);
} else {
console.log("Captcha has been sent to email, waiting for user input...");

Step 2: Wait for user input of Captcha (using Promise to package the user input event)
const verificationCode = "123456"; // user input

Step 3: Intelligent verification process (automatically determine user existence)
  const { data: loginData, error: loginError } = await data.verifyOtp({
    token: verificationCode,
  });

  if (loginError) {
console.error("verification failed:", loginError.message);
  } else {
Step 4: Automatically complete registration or log in
console.log("operation successful, user information:", loginData.user);
console.log("session information:", loginData.session);
    console.log(
The system has automatically determined:
loginData.user?.email ? "New user registration and log in" : "Existing users log in directly"
    );
  }
}

signInAnonymously

async signInAnonymously(params?: SignInAnonymouslyReq): Promise<SignInRes>

Anonymous login, create a temporary anonymous user account.

-Create a temporary anonymous user account -No need to provide any authentication information

参数

params
SignInAnonymouslyReq

返回

Promise
SignInRes

示例

// Create an anonymous user
const { data, error } = await auth.signInAnonymously();

if (error) {
  console.error("anonymous login failed:", error.message);
  console.error("error code:", error.code);
} else {
  console.log("anonymous login success");
  console.log("anonymous user ID:", data.user?.ID);
  console.log("session information:", data.session);
  console.log("whether anonymous user:", data.user?.is_anonymous);
}

signInWithPassword

async signInWithPassword(params: SignInWithPasswordReq): Promise<SignInRes>

Log in with username, email, or mobile number and password.

-Support username, mailbox, or mobile number in conjunction with password as login methods (choose one). -Before using, please confirm that username and password login (enabled by default) is enabled in Cloud Development Platform/Identity Verification/Regular Login.

参数

params
SignInWithPasswordReq

返回

Promise
SignInRes

示例

const { data, error } = await auth.signInWithPassword({
  username: "testuser",
  password: "password123",
});

if (error) {
  console.error("login failed:", error.message);
} else {
  console.log("login successful, user information:", data.user);
  console.log("session information:", data.session);
}

signInWithOtp

async signInWithOtp(params: SignInWithOtpReq): Promise<SignInWithOtpRes>

Use one-time password (OTP) for login validation, supporting mailbox and SMS verification.

Note

SMS verification code is only supported in the Shanghai region

-Log in with one-time verification code sent to your mailbox or mobile number -Support the complete verification process: send verification code → wait for user input → verify and log in. -Suitable for passwordless login scenarios, offering higher security -Before using, please confirm that mailbox/SMS Captcha login is enabled in Cloud Development Platform/Identity Verification/Log-in Methods/Regular Login.

参数

params
SignInWithOtpReq

返回

Promise
SignInWithOtpRes

示例

const { data, error } = await auth.signInWithOtp({
  phone: "13800138000",
});

if (error) {
  console.error("send Captcha failed:", error.message);
} else {
  console.log("Captcha has been sent, waiting for user input...");

  // Verify the Captcha after user input
  const { data: loginData, error: loginError } = await data.verifyOtp({
    token: "123456",
  });

  if (loginError) {
    console.error("verification failed:", loginError.message);
  } else {
    console.log("login successful:", loginData.user);
    console.log("session information:", loginData.session);
  }
}

signInWithOAuth

async signInWithOAuth(params: SignInWithOAuthReq): Promise<SignInOAuthRes>

Generate authorization links for third-party platforms, supporting mainstream platforms such as WeChat and Google.

-Generate the authorization page URL for third-party platforms such as WeChat and Google. -Store status information in the browser session so that it can be verified subsequently -Support custom callback address and status parameter -Before using, please confirm that the corresponding OAuth identity source is enabled in Cloud Development Platform/Identity Verification/Log-in Methods.

Notes

-After calling this method, the status information is automatically saved to the browser session. When auth.detectSessionInUrl is set to true in cloudbase.init, verifyOAuth is automatically called for verification upon returning from a third-party callback, otherwise manually verify via the verifyOAuth method subsequently.

  • If no state parameter is provided, the system automatically generates a status parameter in the format prd-{provider}-{random string}. -The callback URL needs to be configured in the protected domains of the Cloud Development Platform, otherwise it will return a permission error.

参数

params
SignInWithOAuthReq

返回

Promise
SignInOAuthRes

示例

// Initialize it.
const app = cloudbase.init({
env: "your-env-id", // Replace this value with your environment ID
region: "ap-shanghai", // Region, defaults to Shanghai
accessKey: "", // Fill in the generated Publishable Key
  auth: {
detectSessionInUrl: true, // Option: automatically detect OAuth parameters in the URL
  },
});

const { data, error } = await auth.signInWithOAuth({
  provider: "wechat",
  options: {
    redirectTo: "https://example.com/callback",
    state: "wx_auth_123456",
  },
});

if (error) {
console.error("failed to obtain authorization link:", error.message);
} else {
console.log("Weixin authorization url:", data.url);
console.log("third-party platform:", data.provider);
navigate to the Weixin authorization page
  window.location.href = data.url;
}

signInWithIdToken

async signInWithIdToken(params: SignInWithIdTokenReq): Promise<SignInRes>

Log in using a third-party platform identity token, supporting mainstream platforms such as WeChat and Google.

-Log in using a third-party platform identity token, such as WeChat and Google.

参数

params
SignInWithIdTokenReq

返回

Promise
SignInRes

示例

const { data, error } = await auth.signInWithIdToken({
  provider: "wechat",
  token: "wx_token_1234567890",
});

if (error) {
  console.error("WeChat login failed:", error.message);
} else {
  console.log("WeChat login successful, user information:", data.user);
  console.log("session information:", data.session);
}

signInWithCustomTicket

async signInWithCustomTicket(getTickFn: GetCustomSignTicketFn): Promise<SignInRes>

Use custom login invoice to log in, support completely custom login process.

-Use custom login ticket to authenticate, login ticket creation can be performed on the server side using Create Custom Login Ticket API -Support passing functions to obtain custom login invoice -Suitable for scenarios where a fully custom login process is required

  • The detailed process of issuing a Ticket can be found in Custom Login

参数

getTickFn
GetCustomSignTicketFn

functions to obtain custom login invoice, return Promise<string>

返回

Promise
SignInRes

示例

functions to obtain custom login invoice
const getTickFn = () => Promise.resolve("custom_ticket_123456");

const { data, error } = await auth.signInWithCustomTicket(getTickFn);

if (error) {
console.error("custom login failed:", error.message);
} else {
console.log("custom login successful, user information:", data.user);
console.log("session information:", data.session);
}

signInWithOpenId

async signInWithOpenId(params?: SignInWithOpenIdReq): Promise<SignInRes>

WeChat mini program OpenID silent sign-in. If the user does not exist, it will determine whether to automatically register based on the login mode configuration of the corresponding identity source in the Cloud Development Platform login methods (https://tcb.cloud.tencent.com/dev?envId=#/identity/login-manage).

Note

Only supported for use in WeChat mini program

参数

params
SignInWithOpenIdReq

Login parameters

返回

Promise
SignInRes

示例

const { data, error } = await auth.signInWithOpenId();

signInWithPhoneAuth

async signInWithPhoneAuth(params: SignInWithPhoneAuthReq): Promise<SignInRes>

WeChat mini program mobile phone authorization sign-in. If the user does not exist, it will determine whether to automatically register based on the login mode configuration of the corresponding identity source in the Cloud Development Platform login methods (https://tcb.cloud.tencent.com/dev?envId=#/identity/login-manage).

Note

Only supported for use in WeChat mini program

参数

params
SignInWithPhoneAuthReq

Login parameters

返回

Promise
SignInRes

示例

const { data, error } = await auth.signInWithPhoneAuth({ phoneCode: "xxx" });

Session Management

getSession

async getSession(): Promise<SignInRes>

Get current session info and check user login status.

-Get current user session information, including access token and user information. -Check whether the user is logged in, return empty conversation if not logged in

参数

无参数

返回

Promise
SignInRes

示例

const { data, error } = await auth.getSession();

if (error) {
console.error("failed to get conversation:", error.message);
} else if (data.session) {
console.log("user logged in:", data.session.user);
console.log("Access token:", data.session.access_token);
console.log("Expiration time:", data.session.expires_in, "seconds");
} else {
console.log("user not logged in, please log in first");
Display the login button
  document.getElementById("loginBtn").style.display = "block";
}

refreshSession

async refreshSession(refresh_token?: string): Promise<SignInRes>

Refresh the session token, extend the user login status, support auto-renewal and error recovery.

-Use a refresh token to get a new access token -Extend the valid period of user sessions -Supports the use of designated refresh token or default token

参数

refresh_token
string

返回

Promise
SignInRes

示例

const { data, error } = await auth.refreshSession();

if (error) {
  console.error("refresh session fails:", error.message);
  // refresh fails, may need to log in again
  window.location.href = "/login";
} else {
  console.log(
    "Session refreshed successfully, new token:",
    data.session?.access_token
  );
  console.log("New expiration time:", data.session?.expires_in, "seconds");
}

setSession

async setSession(params: SetSessionReq): Promise<SignInRes>

Use existing access token and refresh token to set user session, support external system integration and manual session management.

-Use existing access_token and refresh_token to set user session -Suitable for scenarios where tokens are obtained from an external system and sessions are set manually. -Set session successfully to trigger SIGNED_IN event

参数

params
SetSessionReq

返回

Promise
SignInRes

示例

const { data, error } = await auth.setSession({
  access_token: "your_access_token_here",
  refresh_token: "your_refresh_token_here",
});

if (error) {
  console.error("session setting failed:", error.message);
} else {
  console.log("Session setting successful");
  console.log("user information:", data.user);
  console.log("session information:", data.session);
}

signOut

async signOut(params?: SignOutReq): Promise<SignOutRes>

User logout, purge current session and local storage.

-Log out current user login status securely -Purge server-side session and local storage -Support redirect to specified page

  • Trigger authentication status change events

参数

params
SignOutReq

返回

Promise
SignOutRes

示例

const { data, error } = await auth.signOut();

if (error) {
console.error("logout failed:", error.message);
} else {
console.log("logout successful");
Log out from IM and navigate to the login page
  window.location.href = "/login";
}

User Management

getUser

async getUser(): Promise<GetUserRes>

Obtain currently logged in user detailed information, including identity information, metadata and permission status, support users material show and access verification.

-Obtain currently logged in user complete information -including basic user information, metadata and identity information Users are advised to be logged in to obtain the complete information -Support user check, permission and status verification

参数

无参数

返回

Promise
GetUserRes

示例

const { data, error } = await auth.getUser();

if (error) {
  console.error("failed to obtain user information:", error.message);
} else if (data.user) {
  const user = data.user;
  console.log("uid:", user.ID);
  console.log("mailbox:", user.email);
  console.log("phone number:", user.phone);
  console.log("userName:", user.user_metadata?.username);
  console.log("Nickname:", user.user_metadata?.nickName);
  console.log("avatar:", user.user_metadata?.avatarUrl);
  console.log("registration time:", user.created_at);
} else {
  console.log("user not logged in");
}

refreshUser

async refreshUser(): Promise<CommonRes>

Refresh current logged-in user information.

-Refresh current logged-in user complete information

  • Re-fetch the latest user data from the server
  • Suitable for scenarios where user information may be updated but local cache remains unsynced User must be logged in to refresh information

参数

无参数

返回

Promise
CommonRes

示例

const { data, error } = await auth.refreshUser();

if (error) {
  console.error("failed to refresh user information:", error.message);
} else {
  console.log("user information refreshed");
  console.log("latest user information:", data.user);
  console.log("latest session information:", data.session);
}

updateUser

async updateUser(params: UpdateUserReq): Promise<GetUserRes>

Update current logged-in user information.

-Update password not supported. Please use resetPasswordForEmail, resetPasswordForOld or reauthenticate to update password. -Update current logged-in user basic info and metadata -Support updating mailbox, mobile number, username, Nickname, avatar, etc. -User must be logged in to update information Return upon success with updated user information

参数

params
UpdateUserReq

返回

Promise
GetUserRes

示例

const { data, error } = await auth.updateUser({
  nickname: "new nickname",
  gender: "MALE",
});

if (error) {
  console.error("failed to update user information:", error.message);
} else {
  console.log("user information updated:", data.user);
  console.log("new email:", data.user?.email);
  console.log("New nickname:", data.user?.user_metadata?.nickName);
}

deleteUser

async deleteUser(params: DeleteMeReq): Promise<CommonRes>

Delete the account of the current logged-in user.

-Permanently delete the account of the current logged-in user. -Verify user password to confirm identity. -Once deleted, ALL user data will be permanently removed. -This operation is irreversible. Use with caution.

参数

params
DeleteMeReq

返回

Promise
CommonRes

示例

const { data, error } = await auth.deleteUser({
  password: "userPassword123",
});

if (error) {
  console.error("account deletion failed:", error.message);
} else {
  console.log("account deleted successfully");
  // User logged out, redirect to homepage
  window.location.href = "/";
}

Identity Source Management

getUserIdentities

async getUserIdentities(): Promise<GetUserIdentitiesRes>

Retrieve all identity sources bound to the current user.

  • Retrieve all third-party identity sources. Related identity sources can be configured in Cloud Development Platform/Identity Verification/Log-in Methods. -Return detailed information of the identity source, including platform identifier, identity source ID and binding time. -User logged in status is required to retrieve identity source information.

参数

无参数

返回

Promise
GetUserIdentitiesRes

示例

const { data, error } = await auth.getUserIdentities();

if (error) {
  console.error("failed to retrieve identity source:", error.message);
} else if (data.identities) {
  console.log("identity source bound to user:", data.identities);

  data.identities.forEach((identity) => {
    console.log(
      `- ${identity.name} (${identity.provider}): ${identity.provider_user_id}`
    );
    console.log(
      `   Binding time: ${new Date(identity.created_at).toLocaleString()}`
    );
  });
} else {
  console.log("user not bound to any identity source");
}

linkIdentity

async linkIdentity(params: LinkIdentityReq): Promise<LinkIdentityRes>

Bind a new identity source to the current user, and it will automatically redirect to the third-party OAuth authorization page.

  • Bind a new third-party identity source to the current logged-in user. It supports binding third-party platforms such as WeChat, Google, and GitHub. The identity source must first be configured in Cloud Development Platform/Identity Verification/Login Methods.
  • After binding succeeded, the identity source is usable by users to log in.
  • User logged in status is required to bind an identity source -Set auth.detectSessionInUrl to true in cloudbase.init, and verifyOAuth will automatically verify after returning from a third-party callback, otherwise manually call the verifyOAuth method subsequently.

参数

params
LinkIdentityReq

返回

Promise
LinkIdentityRes

示例

const app = cloudbase.init({
env: "your-env-id", // Replace this value with your environment ID
region: "ap-shanghai", // Region, defaults to Shanghai
accessKey: "", // Fill in the generated Publishable Key
  auth: {
detectSessionInUrl: true, // Option: automatically detect OAuth parameters in the URL
  },
});

// Listen to the identity source bind event
auth.onAuthStateChange((event, session, info) => {
console.log("Authentication Status Transition:", { event, session, info });

  switch (event) {
    case "BIND_IDENTITY":
      if (!!info.error) {
console.error("failed to bind identity source:", info.error);
Here you can add UI error prompts
      } else {
console.log("identity source bound");
// Reload the identity source list
        await auth.getUserIdentities();
      }
      break;

    default:
      return;
  }
});

try {
  const { data, error } = await auth.linkIdentity({
    provider: "google",
  });

  if (error) {
console.error("failed to bind identity source:", error.message);
// handle bind failure logic
    return;
  }

console.log("identity source binding request sent, wait for user authorization...");
Binding request successful, waiting for user to complete the OAuth 2.0 authorization process
} catch (error) {
console.error("error occurs when calling the linkIdentity method:", error);
// Handle network error or other exceptions
}

unlinkIdentity

async unlinkIdentity(params: UnlinkIdentityReq): Promise<CommonRes>

Unbind the identity source bound to the current user.

  • Unbind the third-party identity source bound to the current logged-in user. Related identity sources can be configured in Cloud Development Platform/Identity Verification/Log-in Methods.
  • Unbinding is successful. Reload the identity source list.
  • Use the identity source flag (provider) instead of the identity source ID (identity_id) to proceed with unbinding.

参数

params
UnlinkIdentityReq

返回

Promise
CommonRes

示例

const { data, error } = await auth.unlinkIdentity({
  provider: "wechat",
});

if (error) {
  console.error("failed to unbind identity source:", error.message);
} else {
  console.log("identity source unbinding succeeded");

  // Reload the identity source list
  await auth.getUserIdentities();
}

Password Management

resetPasswordForEmail

async resetPasswordForEmail(email: string): Promise<ResetPasswordForEmailRes>

Reset user password via mailbox using a four-step verification process.

-Send verification code via mailbox to reset user password -Use a four-step verification process: send verification code → wait for user input → verify verification code → set new password. -The user email must be registered and verified.

参数

email
string

User registration email address

返回

Promise
ResetPasswordForEmailRes

示例

// Step 1: Send verification to mailbox
const { data, error } = await auth.resetPasswordForEmail("user@example.com");

if (error) {
console.error("send Captcha failed:", error.message);
} else {
console.log("Captcha has been sent to email, waiting for user input...");

Step 2: Wait for user input of Captcha and new password.
const verificationCode = "123456"; // user input
const newPassword = "newSecurePassword123"; // user-entered new password

// Step 3: Verify the verification code and set new password
  const { data: loginData, error: loginError } = await data.updateUser({
    nonce: verificationCode,
    password: newPassword,
  });

  if (loginError) {
console.error("password resetting failed:", loginError.message);
  } else {
console.log("password reset successful, user automatically logged in");
console.log("user information:", loginData.user);
  }
}

resetPasswordForOld

async resetPasswordForOld(params: ResetPasswordForOldReq): Promise<SignInRes>

Reset the password of the current logged-in user with the old password.

-Reset the password of the current logged-in user by verifying the old password. -User must be logged in. -Suitable for scenarios where users remember the old password

参数

params
ResetPasswordForOldReq

返回

Promise
SignInRes

示例

const { data, error } = await auth.resetPasswordForOld({
  new_password: "newSecurePassword123",
  old_password: "oldPassword123",
});

if (error) {
  console.error("password reset failed:", error.message);
} else {
  console.log("password reset successful");
  console.log("user information:", data.user);
  console.log("session information:", data.session);
}

reauthenticate

async reauthenticate(): Promise<ReauthenticateRes>

Re-authenticate the current logged-in user identity, verify with Captcha and allow password change.

Note

SMS verification code is only supported in the Shanghai region

-Re-authenticate the present logged-in user identity and support password update. -Verify by sending a verification code to the user's registered mailbox or mobile number, giving priority to the mailbox. If the user has not set a mailbox, use the mobile number. -Applicable to identity verification before security-sensitive operations

参数

无参数

返回

Promise
ReauthenticateRes

示例

// Step 1: Send Captcha (use current user information)
const { data, error } = await auth.reauthenticate();

if (error) {
console.error("send Captcha failed:", error.message);
} else {
console.log("Captcha has been sent, waiting for user input...");

Step 2: Wait for user input of Captcha and new password.
const verificationCode = "123456"; // user input
const newPassword = "newSecurePassword123"; // user-entered new password

// Step 3: Verify the verification code and set new password
  const { data: loginData, error: loginError } = await data.updateUser({
    nonce: verificationCode,
    password: newPassword,
  });

  if (loginError) {
console.error("authentication fail again:", loginError.message);
  } else {
console.log("Re-authenticate successful, password updated");
console.log("user information:", loginData.user);
  }
}

Verification Management

verifyOAuth

async verifyOAuth(params?: VerifyOAuthReq): Promise<SignInRes>

Verify the third-party platform authorization callback and complete the OAuth login process.

-Verify the third-party platform authorization callback, retrieve user information, complete login, and use in conjunction with signInWithOAuth. -Support auto retrieval of authorization code and status parameter from URL parameter -Provide a complete security verification mechanism to prevent CSRF attacks

参数

params
VerifyOAuthReq

返回

Promise
SignInRes

示例

// Call on the callback page to automatically obtain URL parameters
const { data, error } = await auth.verifyOAuth();

if (error) {
console.error("authorization verification failed:", error.message);
} else {
console.log("authorization successful, user information:", data.user);
console.log("session information:", data.session);

Navigate to the homepage after successful verification
  window.location.href = "/home";
}

verifyOtp

async verifyOtp(params: VerifyOtpReq): Promise<SignInRes>

Verify the one-time password (OTP) to complete login or sign-up process.

Note

SMS verification code is only supported in the Shanghai region

-Verify the one-time password (OTP) sent to your mailbox or mobile number. -Support two verification methods: mailbox or mobile number (choose one)

  • Automatically log in the user and return session information after successful verification
  • Suitable for registration, login, and password reset scenarios

参数

params
VerifyOtpReq

返回

Promise
SignInRes

示例

const phone = "13800138000";

// 1. Get a Captcha
const { data } = await auth.resend({ phone });

// 2. Verify the Captcha
const { data: verifyData, error } = await auth.verifyOtp({
  phone: "13800138000",
  token: "123456",
  messageId: data.messageId,
});

if (error) {
console.error("verification failed:", error.message);
} else {
console.log("verification successful, user information:", data: verifyData.user);
console.log("session information:", data: verifyData.session);
}

resend

async resend(params: ResendReq): Promise<ResendRes>

Resend Captcha to mailbox or phone number.

Note

SMS verification code is only supported in the Shanghai region

-Resend verification code to user's mailbox or mobile number -Support registration, mailbox update, mobile number change, and other scenarios. -Resend to get a new message ID for verification process -Provide rate limit protection to prevent malicious resend

参数

params
ResendReq

返回

Promise
ResendRes

示例

// Send verification code for the first time
const { data, error } = await auth.signInWithOtp({ phone: "13800138000" });

// Captcha verification callback
let signUpVerify = data.verifyOtp;

// Resend Captcha to get a new messageId
const { data: resendData, error: resendError } = await auth.resend({
  phone: "13800138000",
  type: "signup",
});

if (resendError) {
  console.error("resend verification code failed:", resendError.message);
  console.error("error code:", resendError.code);
} else {
  console.log("verification code resent, message ID:", resendData.messageId);

  // Pass the new messageId to the callback parameter of signInWithOtp() or signUp()
  const verificationCode = "123456"; // user input
  const messageId = resendData.messageId; // new messageId

  // Use the new messageId to verify
  const { data: loginData, error: loginError } = await signUpVerify({
    token: verificationCode,
    messageId,
  });

  if (loginError) {
    console.error("verification failed:", loginError.message);
  } else {
    console.log("Verification successful");
  }

  // Countdown starts
  startCountdown(60);
}

Other tools

onAuthStateChange

onAuthStateChange(callback: OnAuthStateChangeCallback): OnAuthStateChangeResult

Listen to authentication status changes and respond to events such as logon, logout, and token refresh in real time.

-Listen to user authentication status change events -Support various event types: logon, log out, token refresh, user information update, identity source bind. -Return the subscription object for cancel listening

  • Suitable to build responsive UI and status management

参数

callback
OnAuthStateChangeCallback

Status change callback function

返回

OnAuthStateChangeResult
object

示例

const { data } = auth.onAuthStateChange((event, session, info) => {
  console.log("Authentication Status Transition:", event, session, info);

  switch (event) {
    case "INITIAL_SESSION":
      console.log("initial session established");
      if (session) {
        console.log("user logged in:", session.user?.email);
      } else {
        console.log("user not logged in");
      }
      break;

    case "SIGNED_IN":
      console.log("user login successful:", session.user?.email);
      // Update UI display
      document.getElementById("loginBtn").style.display = "none";
      document.getElementById("userInfo").style.display = "block";
      document.getElementById("userEmail").innerText =
        session.user?.email || "";
      break;

    case "SIGNED_OUT":
      console.log("user logged out");
      // Update UI display
      document.getElementById("loginBtn").style.display = "block";
      document.getElementById("userInfo").style.display = "none";
      break;

    case "PASSWORD_RECOVERY":
      console.log("password reset");
      // Show the password reset interface
      document.getElementById("passwordResetForm").style.display = "block";
      break;

    case "TOKEN_REFRESHED":
      console.log("Token refreshed");
      break;

    case "USER_UPDATED":
      console.log("user information updated");
      // Update user information display
      if (session) {
        document.getElementById("userEmail").innerText =
          session.user?.email || "";
        document.getElementById("userAvatar").src =
          session.user?.user_metadata?.avatarUrl || "";
      }
      break;

    case "BIND_IDENTITY":
      console.log("identity source binding result");
      if (!!info.error) {
        console.log("identity source binding failed");
      } else {
        console.log("identity source bound");
      }
      break;
  }
});

// Cancel listening (called during component uninstallation)
// data.subscription.unsubscribe();

getClaims

async getClaims(): Promise<GetClaimsRes>

Retrieve the claim info from the current access token for debug and permission check.

-Parse the JWT claim info from the current access token. -Return the header, declaration, and signature of the token. -Debug token info, check permissions, and verify token status. -Users are advised to be logged in to obtain token info

参数

无参数

返回

Promise
GetClaimsRes

示例

const { data, error } = await auth.getClaims();

if (error) {
  console.error("failed to retrieve declaration:", error.message);
} else {
  console.log("Token claim information:", data.claims);
  console.log("Token header information:", data.header);
  console.log("Token signature:", data.signature);

  // Parse user information
  if (data.claims) {
    console.log("uid:", data.claims.sub);
    console.log(
      "Expiration time:",
      new Date(data.claims.exp * 1000).toLocaleString()
    );
    console.log(
      "Issuance time:",
      new Date(data.claims.iat * 1000).toLocaleString()
    );
    console.log("user role:", data.claims.role);
  }
}

toDefaultLoginPage

async toDefaultLoginPage(params: authModels.ToDefaultLoginPage): Promise<void>

Redirect to the default login page, fully compatible with web and WeChat mini program.

-Support redirection to the system default login page -Compatible with Web and WeChat mini program.

  • Configurable login page version and redirect address -Support redirect with custom parameters
Debug locally

If you develop a Web application, since the static resources of the __auth login page are stored in Website Hosting, you need to configure a proxy during local debugging to successfully redirect to the __auth login page.

Recommended to use the Whistle tool to configure proxy. The access domain of the __auth login page can be viewed in Static Website Hosting - Configuration Message - Default Domain Name.

Assuming the access address of the locally started application is http://localhost:3000 and the access domain of the __auth login page is lowcode-xxx-xxx.tcloudbaseapp.com, the Rules configuration of the Whistle proxy is as follows:

https://lowcode-xxx-xxx.tcloudbaseapp.com http://localhost:3000

# Configure proxy for other application paths

After running the application, it can be accessed via https://lowcode-xxx-xxx.tcloudbaseapp.com

参数

params
ToDefaultLoginPageReq

返回

Promise
CommonRes

示例

const app = cloudbase.init({
  env: "xxxx-yyy",
  region: "ap-shanghai", // Defaults to Shanghai region if not specified
});

const auth = app.auth();

await auth.toDefaultLoginPage({
  config_version: "env",
  app_id: "app-xxx",
  redirect_uri: "xxx",
});

Error Code

Login error

Error CodeDescription
not_founduser does not exist
password_not_setThe current user has not set a password. Please use Captcha to log in or third-party login method
invalid_passwordIncorrect Password
user_pendinguser not activated
user_blockeduser disabled
invalid_statusExceeds the maximum number of retries for password, try again later
invalid_two_factorCaptcha mismatch or outdated

Registration error

Error CodeDescription
failed_preconditionThe phone number or mailbox you input has been registered, please use another number
Error CodeDescription
failed_preconditionfailed to obtain user information from third party
resource_exhaustedYour attempts are too frequent, try again later
invalid_argumentThe input verification code is incorrect or expired
abortedToo many attempts, go back to the first page and try again later
permission_deniedYour current session expired, return and retry
captcha_requiredCaptcha is required, based on robot service access
captcha_invalidIncorrect Captcha, based on robot service access

Other Errors

Error CodeDescription
unreachableNetwork error, check your network connection and try again later

Error Description

Error CodeError DescriptionDescription
permission_deniedcors permission denied, check if {url} is in your client {env} domainsplease check whether it has been configured in "cloud Development Platform/Environment Configuration/Secure source/Protected domains" (https://tcb.cloud.tencent.com/dev?envId=#/env/safety-source) for the corresponding {env} environment. It will take effect 10 minutes after configuration.

Complete type definition

SignInAnonymouslyReq

// Anonymous login parameters
interface SignInAnonymouslyReq {
  provider_token?: string; // token (optional)
}

User

interface User {
id: any; // User ID
aud: string; // Audience
role: string[]; // user role
email: any; // Email
email_confirmed_at: string; // Email confirmation time
phone: any; // Phone number
phone_confirmed_at: string; // Mobile number confirmation time
confirmed_at: string; // Confirmation time
last_sign_in_at: string; // Last login time
  app_metadata: {
app_metadata: {
provider: any; // Provider
providers: any[]; // Provider list
  };
  user_metadata: {
user_metadata: {
name: any; // Name
picture: any; // Avatar
username: any; // Username
gender: any; // Gender
locale: any; // Region
uid: any; // User ID
nickName: any; // Nickname
avatarUrl: any; // Avatar URL
location: any; // Location
hasPassword: any; // Whether there is a password
  };
identities: any; // Identity information
created_at: string; // Creation time
updated_at: string; // Update time
is_anonymous: boolean; // Whether the user is anonymous
  // Add a field.
recovery_sent_at?: string; // Password reset send time
email_change_sent_at?: string; // Email change send time
phone_change_sent_at?: string; // Phone number change send time
new_email?: string; // New email address
new_phone?: string; // New phone number
}

Session

interface Session {
  access_token: string; // Access token
  refresh_token: string; // Refresh token
  expires_in: number; // Expiration time (seconds)
  token_type: string; // Token type
  user: User; // User information
  // Add a field.
  provider_token?: string; // Third-party platform token
  provider_refresh_token?: string; // Third-party platform refresh token
  expires_at?: number; // Expiry timestamp
  issued_at?: number; // Issuance timestamp
  scope?: string; // Authorization scope
  token_id?: string; // Token ID
}

AuthError

// Authentication error type
interface AuthError extends Error {
  code: (string & {}) | undefined; // Error code
  status: number | undefined; // HTTP Status Code
  // Common error codes
  // 400: Client Error
  // - invalid_email: Incorrect email format
  // - invalid_phone: Incorrect phone number format
  // - invalid_password: Invalid password format
  // - user_not_found: user does not exist
  // - email_already_exists: Email already exists
  // - phone_already_exists: Phone number already exists
  // - username_already_exists: Username already exists
  // - invalid_code: Invalid verification code
  // - code_expired: Captcha expired
  // - max_attempts_exceeded: Too many verification attempts
  // - password_too_weak: Password strength is insufficient
  // - invalid_token: Token invalid
  // - token_expired: Token expired
  // - state_mismatch: State parameter mismatch
  // - provider_not_supported: Unsupported third-party platform
  // - provider_mismatch: Third-party platform flag mismatch
  // - failed_precondition: Prerequisite failed
  // - permission_denied: Insufficient permissions
  // - resource_exhausted: Resource exhaustion
  // - unreachable: Network connection failed
  // 500: Server Error
  // - internal_error: Internal Server Error
  // - service_unavailable: Service unavailable
}

CommonRes

// Common response parameters
interface CommonRes {
  data: {}; // An empty object when successful
  error: AuthError | null; // error information, null if successful
}

SignUpReq

// User registration parameters (four-step verification process)
interface SignUpReq {
  email?: string; // Email address (optional, choose either this or a phone number)
  phone?: string; // Mobile number (optional, choose either this or a mailbox)
  password: string; // Password (required)
  username?: string; // Username (optional), length 5-24 characters, supports Chinese and English letters, digits, and special characters (only _- allowed). Chinese characters are not allowed.
  nickname?: string; // Nickname (optional)
  avatar_url?: string; // Avatar URL (optional)
  gender?: "MALE" | "FEMALE"; // Gender (optional)
}

SignOutReq

// User logout parameters
interface SignOutReq {
  options?: {
    // Configuration options (optional)
    redirectTo?: string; // Redirection address after log out
    clearStorage?: boolean; // Whether to clear local storage (default true)
  };
}

SignInWithPasswordReq

// Password login parameters
interface SignInWithPasswordReq {
  username?: string; // Username (optional, selectable with mailbox or phone number), length 5-24 characters, supports Chinese and English letters, digits, and special characters (only _- allowed). Chinese characters are not allowed.
  email?: string; // Email address (optional, choose either this, a username, or a phone number)
  phone?: string; // Mobile number (optional, choose either this, a username, or a mailbox)
  password: string; // Password (required)
  is_encrypt?: boolean; // Encrypted or not; default false
}

SignInWithIdTokenReq

// ID-token login parameters
interface SignInWithIdTokenReq {
  provider?: string; // Third-party platform flag (optional)
  token: string; // Third-party platform identity token (required)
  // Add a field.
  provider?: string; // Third-party platform flag (optional, duplicate parameter with provider, reserved for compatibility)
}

SignInWithOtpReq

// OTP login parameters
interface SignInWithOtpReq {
  email?: string; // Email address (optional, choose either this or a phone number)
  phone?: string; // Mobile number (optional, choose either this or a mailbox)
}

SignInWithOAuthReq

// OAuth authorization parameter
interface SignInWithOAuthReq {
  provider: string; // Third-party platform flag (required)
  options?: {
    // Configuration options (optional)
    redirectTo?: string; // Callback URL, defaults to current page
    skipBrowserRedirect?: boolean; // Whether to navigate to the authorization page, false by default
    state?: string; // Status parameter, used for security verification, defaults to a random string (format: prd-{provider}-{random string})
    queryParams?: Record<string, string>; // Additional query parameters, merged into the authorization URI
    type?: "sign_in" | "bind_identity"; // Type (optional), defaults to 'sign_in', sign_in: sign in, bind_identity: bind identity
  };
}

SetSessionReq

// Session setting parameters
interface SetSessionReq {
  access_token: string; // Access token (required)
  refresh_token: string; // Refresh token (required)
}

VerifyOAuthReq

// OAuth verification parameter
interface VerifyOAuthReq {
  code?: string; // Authorization code (optional, default from URL parameter access)
  state?: string; // Status parameter (optional, default from URL parameter access)
  provider?: string; // Third-party platform flag (optional, default from session retrieval)
}

VerifyOtpReq

// OTP verification parameters
interface VerifyOtpReq {
  type?:
    | "sms"
    | "phone_change"
    | "signup"
    | "invite"
    | "magiclink"
    | "recovery"
    | "email_change";
  email; // Validation type (optional)
  email?: string; // Email address (optional, choose either this or a phone number)
  phone?: string; // Mobile number (optional, choose either this or a mailbox)
  token: string; // Captcha (required)
  messageId: string; // ID corresponding to the verification code (required)
}

UpdateUserReq

// User information update parameter
interface UpdateUserReq {
  email?: string; // Email address
  phone?: string; // Phone number
  username?: string; // Username (optional), length 5-24 characters, supports Chinese and English letters, digits, and special characters (only _- allowed). Chinese characters are not allowed.
  description?: string; // Description (optional)
  avatar_url?: string; // Avatar URL (optional)
  nickname?: string; // Nickname (optional)
  gender?: "MALE" | "FEMALE"; // Gender (optional)
}

LinkIdentityReq

// Identity source bind parameter
interface LinkIdentityReq {
  provider: string; // Identity source flag (required)
}

UnlinkIdentityReq

// Identity source unbind parameter
interface UnlinkIdentityReq {
  provider: string; // Identity source flag (required)
}

ReauthenticateReq

// Re-authenticate parameter
interface ReauthenticateReq {
  // No input parameters, use the current logged-in user's info
}

ResendReq

// Resend verification code parameter
interface ResendReq {
  email?: string; // Email address (optional, choose either this or a phone number)
  phone?: string; // Mobile number (optional, choose either this or a mailbox)
  type?: "signup" | "email_change" | "phone_change" | "sms"; // Type (optional)
}

ResendRes

// Resend verification code response parameter
interface ResendRes {
  data: {
    messageId?: string; // message ID (verification code ID)
  };
  error: AuthError | null; // error information, null if successful
}

SignInWithOtpRes

// OTP login response parameters
interface SignInWithOtpRes {
  data: {
    verifyOtp?: (params: {
      token: string;
      messageId?: string;
    }) => Promise<SignInRes>; // Captcha callback function, supports messageId parameter
  };
  error: AuthError | null; // error information, null if successful
}

SignUpRes

// User registration response parameters
interface SignUpRes {
  data: {
    verifyOtp?: (params: {
      token: string;
      messageId?: string;
    }) => Promise<SignInRes>; // Captcha callback function, supports messageId parameter
  };
  error: AuthError | null;
}

SignInOAuthRes

// OAuth authorization response parameters
interface SignInOAuthRes {
  data: {
    url?: string; // Authorization page URL
    provider?: string; // Third-party platform flag
    scopes?: string; // Authorization scope
  };
  error: AuthError | null; // error information, null if successful
}

LinkIdentityRes

// Identity source bind response parameter
interface LinkIdentityRes {
  data: {
    provider?: string; // Bound identity source flag
    type?: "sign_in" | "bind_identity" | ""; // Type (optional), defaults to 'sign_in', sign_in: sign in, bind_identity: bind identity
  };
  error: AuthError | null; // error information, null if successful
}

Identity

interface Identity {
  id: string; // Identity source flag
  name: string; // Identity source name
  picture: string; // Avatar URL
}

GetUserIdentitiesRes

// User identity source retrieval response parameter
interface GetUserIdentitiesRes {
  data: {
    identities?: Array<{
      id: string; // Identity source flag
      name: string; // Identity source name
      picture: string; // Avatar URL
    }>;
  };
  error: AuthError | null; // error information, null if successful
}

GetClaimsRes

// Declaration information acquisition response parameter
interface GetClaimsRes {
  data: {
    // token declaration info
    claims?: {
      iss: string; // issuer
      sub: string; // subject
      aud: string; //  audience
      exp: number; //  expiration time
      iat: number; // issued at
      at_hash: string; // access token hash
      name: string; // Name
      picture?: string; // Avatar URL
      email?: string; // Email
      phone_number?: string; // Phone number
      scope: string; // Authorization scope
      project_id: string; // Project ID
      provider?: string; // Third-party platform flag
      provider_type?: string; // Third-party platform type
      groups?: string[]; // User group
      meta?: {
        wxOpenId?: string;
        wxUnionId?: string;
      };
      user_id: string; // uid
      roles: string[]; // role
      user_type: string; // Type of user
      client_type: string; // Client type
      is_system_admin: boolean; // System admin
    };
    // token header information
    header?: {
      alg: string; // Encryption algorithm
      kid: string; // Token ID
    };
    signature?: string; // Token signature
  };
  error: AuthError | null; // error information, null if successful
}

ResetPasswordForOldReq

// Reset the password parameter with the old password
interface ResetPasswordForOldReq {
  new_password: string; // New password (required)
  old_password: string; // Old password (required)
}

DeleteMeReq

// Delete current user parameters
interface DeleteMeReq {
  password: string; // User password (required)
}

SignInRes

// Login response parameters
interface SignInRes {
  data: {
    user?: User; // User information
    session?: Session; // Session information
  };
  error: AuthError | null; // error information, null if successful
}

GetUserRes

// User information retrieval response parameter
interface GetUserRes {
  data: {
    user?: User; // User details
  };
  error: AuthError | null; // error information, null if successful
}

OnAuthStateChangeEvent

// Authentication status change event type
type OnAuthStateChangeEvent =
  | "SIGNED_OUT" // User logged out
  | "SIGNED_IN" // User login successful
  | "INITIAL_SESSION" // Initial session established
  | "PASSWORD_RECOVERY" // Password reset
  | "TOKEN_REFRESHED" // Token refreshed
  | "USER_UPDATED" // User information updated
  | "BIND_IDENTITY"; // Identity source binding result

OnAuthStateChangeCallback

// Authentication status change callback function type
type OnAuthStateChangeCallback = (
  event: OnAuthStateChangeEvent,
  session: Session
) => void;

ResetPasswordForEmailRes

// Mailbox password reset response parameter
interface ResetPasswordForEmailRes {
  data: {
    updateUser?: (attributes: UpdateUserAttributes) => Promise<SignInRes>; // Captcha callback function, supports new password parameter
  };
  error: AuthError | null; // error information, null if successful
}

UpdateUserAttributes

// User attribute update parameter
interface UpdateUserAttributes {
  nonce: string; // Captcha
  password: string; // New password
}

ReauthenticateRes

// Re-authenticate response parameter
interface ReauthenticateRes {
  data: {
    updateUser?: (attributes: UpdateUserAttributes) => Promise<SignInRes>; // Captcha callback function, supports new password parameter
  };
  error: AuthError | null; // error information, null if successful
}