Queries¶
Register¶
To register, simply use the register mutation. You will have to provide the different fields of your user model. Please refer to the Extended Schema section to learn how to customize your user model.
Errors: EmailAlreadyExistsError, UserValidationError, EncryptionFailedError.
Once registered, you will receive an email to verify your account. This email is customizable, see Config.verifyEmailTemplate.

Clicking on the link will lead you to a notification page. This page is customizable, see Config.notificationPageTemplate.

Login¶
To log in, simply use the login mutation. You will have to provide your email and password. It will return your authentication token with its expiry date and set an HttpOnly cookie with a refresh token. Keep the authentication token and its expiry date in a variable of your app, not in localStorage, which any script injected through XSS can read.
You will be able to access private mutations/queries by including it in the Authorization header of the request as a Bearer token. This token will be usable until its expiry date (by default 15 minutes). Once it has expired, refresh it by calling the refreshToken mutation.
Errors: UserNotFoundError, TokenEncryptionError.
Access user private data¶
To access your own private data, use the me query. You have to be logged in to perform this request. Simply include your authentication token as a Bearer token in the Authorization header of your request (see GraphQL Queries).
Errors: UnauthorizedError.
Update user information¶
To change any of your user fields, use the updateMe mutation. You have to be logged in to perform this request. Simply include your authentication token as a Bearer token in the Authorization header of your request (see GraphQL Queries). If you update your email, you will receive a verification email, as for registration. To change your password, see the next section.
Errors: UnauthorizedError, EmailAlreadyExistsError, UsernameAlreadyExistsError, UserValidationError.
Note
After updating your user data, remember to refresh your auth token by calling the refreshToken mutation. If you don’t, other services decoding the token with the public key will see an outdated version of your data.
Change password¶
To change your password, use the updateMe mutation, passing your previousPassword and your new desired password. You have to be logged in to perform this request. Simply include your authentication token as a Bearer token in the Authorization header of your request (see GraphQL Queries).
Errors: UnauthorizedError, WrongPasswordError, EncryptionFailedError.
Refresh token¶
By default your authentication token is valid for 15 minutes. To refresh it, use the refreshToken mutation. It will send you back a new authentication token and expiry date. You don’t need to pass your current authentication token in the Authorization header; the mutation only needs the cookie containing your refresh token, which your browser transmits by default. This refresh token will also be refreshed. Thus, unless you stay inactive for a long period of time (by default 7 days), you will never have to log in again.
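The login and refresh flow described in the Login and Refresh token sections, as an added example that is not part of the service's own documentation or code. The endpoint URL, the class name AuthSession, and the returned field names token and expiryDate are assumptions; adjust them to your schema.

```javascript
// Added example: in-memory token handling for the login / refreshToken flow.
// Assumptions (not from the page): the endpoint URL, and that both mutations
// return fields named `token` and `expiryDate`.
const ENDPOINT = "https://auth.example.com/graphql"; // placeholder URL

class AuthSession {
  constructor(fetchImpl = (...args) => fetch(...args), now = () => Date.now()) {
    this.fetchImpl = fetchImpl;
    this.now = now;
    this.token = null;  // kept in memory only, never written to localStorage
    this.expiresAt = 0; // epoch milliseconds
  }

  async gql(query, variables, headers = {}) {
    const res = await this.fetchImpl(ENDPOINT, {
      method: "POST",
      credentials: "include", // lets the browser send the HttpOnly refresh cookie
      headers: { "Content-Type": "application/json", ...headers },
      body: JSON.stringify({ query, variables }),
    });
    const { data, errors } = await res.json();
    if (errors && errors.length) throw new Error(errors[0].message);
    return data;
  }

  store({ token, expiryDate }) {
    this.token = token;
    this.expiresAt = new Date(expiryDate).getTime();
  }

  async login(email, password) {
    const q = `mutation ($email: String!, $password: String!) {
      login(email: $email, password: $password) { token expiryDate } }`;
    this.store((await this.gql(q, { email, password })).login);
  }

  // Refresh shortly before expiry; this call carries no Authorization header.
  async ensureFresh(skewMs = 30000) {
    if (this.token && this.now() < this.expiresAt - skewMs) return;
    const data = await this.gql("mutation { refreshToken { token expiryDate } }");
    this.store(data.refreshToken);
  }

  async privateQuery(query, variables) {
    await this.ensureFresh();
    return this.gql(query, variables, { Authorization: `Bearer ${this.token}` });
  }
}
```

After a page reload the in-memory token is gone, so the first privateQuery call goes through refreshToken and succeeds as long as the refresh cookie is still valid.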
Get public key¶
Easily fetch the public key of the service with this query in order to decode the authentication token on your other web servers/apps, see Decoding JSON Web Tokens.
Reset password¶
To reset your forgotten password, use the sendPasswordRecoveryEmail query, passing the email address of your account.
If your email is present in the user database, you will receive an email to reset your password. This email is customizable, see Config.resetPasswordEmailTemplate.

Clicking on the link will lead you to a notification page. This page is customizable, see Config.resetPasswordFormTemplate.

Delete account¶
To delete your account, use the deleteMe mutation. You have to be logged in to perform this request. Simply include your authentication token as a Bearer token in the Authorization header of your request (see GraphQL Queries).
Errors: WrongPasswordError, UnauthorizedError.
Check for available credentials¶
To check whether an email is available, use the emailAvailable query.
Get public user data¶
There are many query types to fetch public user data. You don’t need to be authenticated to perform those queries. It will retrieve only the user data declared as public in your user model. See Extended Schema to learn how to customize your user model.
To fetch one user's public information by any of its public fields, use the userOne query.
To fetch public user information by its id, use the userById query.
To fetch multiple users by any of their public fields, use the userMany query.
To count users, with filters on one or more of the public fields, use the userCount query.
To fetch public user information from a list of ids, use the userByIds query.
To get a paginated list of users, with filters on one or more of the public fields, use the userPagination query.
Errors¶
- EmailAlreadyExistsError: Email already exists in the database.
- WrongPasswordError: Password does not match.
- UpdatePasswordTooLateError: Account recovery email too old.
- EmailNotSentError: Email could not be sent.
- UserNotFoundError: User not found.
- UnauthorizedError: Request not authorized.
- TokenEncryptionError: User token encryption failed.
- EmailAlreadyConfirmedError: Email already confirmed.
- UserValidationError: User updates do not pass the fields’ validator.
- AlreadyLoggedInError: User already logged in.
- EncryptionFailedError: Encryption failed.