Email and Password

Users often expect to sign in to your site with a password. Openfort Auth helps you implement password-based auth safely, using secure configuration options and best practices for storing and verifying passwords.

Sign up a user

You receive the access token directly after the user confirms their email.

To sign up the user, call signUpWithEmailPassword() with their email address and password.

You can optionally specify a URL to redirect to after the user clicks the confirmation link. This URL must be configured as a Redirect URL. If you don't specify a redirect URL, the user is automatically redirected to your site URL.


```js
import Openfort from "@openfort/openfort-js";

// OPENFORT_PUBLISHABLE_KEY is your project's publishable key.
const openfort = new Openfort({
  baseConfiguration: {
    publishableKey: OPENFORT_PUBLISHABLE_KEY
  }
});

// email, password and the name fields come from your sign-up form.
async function signUpNewUser(email, password, first_name, last_name) {
  return openfort.signUpWithEmailPassword({
    email: email,
    password: password,
    options: {
      data: {
        name: first_name + ' ' + last_name,
      },
    },
  });
}
```

If you want users to verify their email, you can send them a verification email after sign-up with:

```js
await openfort.requestEmailVerification({
  email: email,
  redirectUrl: 'http://example.com/account/register',
});
```

Log in a user

When your user signs in, call logInWithEmailPassword() with their email address and password:


```js
import Openfort from "@openfort/openfort-js";

// OPENFORT_PUBLISHABLE_KEY is your project's publishable key.
const openfort = new Openfort({
  baseConfiguration: {
    publishableKey: OPENFORT_PUBLISHABLE_KEY
  }
});

// email and password come from your login form.
async function logInUser(email, password) {
  return openfort.logInWithEmailPassword({
    email: email,
    password: password
  });
}
```

Upon successful authentication, the SDK will return a token that can be used to authenticate the user in your application.

response.json

```json
{
  "player": {
    "id": "pla_cc9ed2b7-c5f5-4c43-8dca-c4b104ba1762",
    "object": "player",
    "createdAt": 1710976453,
    "linkedAccounts": [
      {
        "provider": "email",
        "disabled": false,
        "verified": true,
        "email": "hello@example.com"
      }
    ]
  },
  "token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImNmODNlMTM1N2VlZmI4YmRmMTU0Mjg1MGQ2NmQ4MDA3ZDYyMGU0MDUwYjU3MTVkYzgzZjRhOTIxZDM2Y2U5Y2U0N2QwZDEzYzVkODVmMmIwZmY4MzE4ZDI4NzdlZWMyZjYzYjkzMWJkNDc0MTdhODFhNTM4MzI3YWY5MjdkYTNlIn0.eyJhdWQiOiJwcm9fOGY3ZTM1NTktMjhkNy00MWE2LTgxNGMtMjU0OTkzZTdkNjFkLXRlc3QiLCJleHAiOjE3MTA5ODI2MDIsImlhdCI6MTcxMDk3OTAwMiwiaXNzIjoib3BlbmZvcnQueHl6Iiwic2lkIjoiMzhhMDdmMzktMTUxOS00MjE0LWJmNmMtNzI0Zjg0ZDBiZGQwIiwic3ViIjoicGxhX2NjOWVkMmI3LWM1ZjUtNGM0My04ZGNhLWM0YjEwNGJhMTc2MiJ9.EcFtS__GwyxJu1S3tO7jMBbTCIJCpqsoNxxJrqILrKjNl2N5-SIMG2z_s2Vs8ztG6KAVy6zIp6P9GzfD7s4JiA",
  "refreshToken": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImNmODNlMTM1N2VlZmI4YmRmMTU0Mjg1MGQ2NmQ4MDA3ZDYyMGU0MDUwYjU3MTVkYzgzZjRhOTIxZDM2Y2U5Y2U0N2QwZDEzYzVkODVmMmIwZmY4MzE4ZDI4NzdlZWMyZjYzYjkzMWJkNDc0MTdhODFhNTM4MzI3YWY5MjdkYTNlIn0.eyJzaWQiOiIzOGEwN2YzOS0xNTE5LTQyMTQtYmY2Yy03MjRmODRkMGJkZDAiLCJpYXQiOjE3MTA5NzkwMDIsImV4cCI6MTcxMzU3MTAwMn0.koNd4eoevBQQR3-z0CMGL5qVzOURZEeAgjvrHMRloLgDbScS2Qbi4W-vf2fE0fYOWUIAHnAq7cDABNwSQrEvSQ"
}
```

Resetting a password (Forgot password)

Step 1: Create a reset password page

Create a reset password page. This page should be publicly accessible. Collect the user's email address and request a password reset email. Specify the redirect URL, which should point to the URL of a change password page.


```js
await openfort.requestResetPassword({
  email: 'hello@example.com',
  redirectUrl: 'http://example.com/account/update-password',
})
```

Step 2: Create a change password page

Create a change password page at the URL you specified in the previous step. This page should be accessible only to authenticated users. Collect the user's new password and call resetPassword() to update their password.

You should also pass the state parameter, which should be available in the URL of the change password page. This is to prevent CSRF attacks.


```js
await openfort.resetPassword({
  email: 'hello@example.com',
  password: 'new-password',
  state: 'verification-state',
})
```
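The two steps above wired together, as an added example that is not Openfort's own code: the reset request only goes out for an allowlisted redirect URL, and the change password page refuses to call resetPassword() unless the link carries exactly one state value. It assumes the state value arrives in a query parameter named `state`, that the user re-enters their email on the change password page, and that the hypothetical `ALLOWED_REDIRECTS` list mirrors the Redirect URLs configured for your project.

```javascript
// Added example. Assumptions: the state value arrives in a query parameter
// named "state", and ALLOWED_REDIRECTS mirrors the project's Redirect URLs.
const ALLOWED_REDIRECTS = ["https://example.com/account/update-password"]; // constructed

// Step 1: only request a reset link that lands on an allowlisted page.
function buildResetRequest(email, redirectUrl) {
  const normalized = new URL(redirectUrl).href; // throws on a malformed URL
  if (!ALLOWED_REDIRECTS.includes(normalized)) {
    throw new Error("redirectUrl is not an allowlisted change password page");
  }
  return { email: email.trim(), redirectUrl: normalized };
}

// Step 2: read the state value from the change password page URL.
// A missing, empty or repeated value is rejected, never defaulted.
function readState(pageUrl) {
  const values = new URL(pageUrl).searchParams.getAll("state");
  if (values.length !== 1 || values[0] === "") {
    throw new Error("reset link must carry exactly one non-empty state value");
  }
  return values[0];
}

// Build the argument object for resetPassword(); state is used as decoded from the URL.
function buildResetPasswordArgs(pageUrl, email, newPassword) {
  if (typeof newPassword !== "string" || newPassword.length === 0) {
    throw new Error("new password is required");
  }
  return { email: email.trim(), password: newPassword, state: readState(pageUrl) };
}

// Wiring: `client` is the Openfort instance created as in the snippets above.
async function requestReset(client, email, redirectUrl) {
  await client.requestResetPassword(buildResetRequest(email, redirectUrl));
}

async function submitNewPassword(client, pageUrl, email, newPassword) {
  await client.resetPassword(buildResetPasswordArgs(pageUrl, email, newPassword));
}
```

On the change password page, call `submitNewPassword(openfort, window.location.href, email, newPassword)` from the form's submit handler.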

Email Sending

The signup confirmation and password reset flows require an SMTP server to send emails.

The Openfort platform comes with a default email-sending service for you to try out. The service has a rate limit of 3 emails per hour, and availability is on a best-effort basis. For production use, you should consider configuring a custom SMTP server.

See the Custom SMTP guide for instructions.
