Skip to main content
You can access auth methods via client.auth. When you call login() or refreshToken(), the module stores the accessToken and uses it for subsequent authenticated requests such as me() or updateProfile().

signUp

Create a new user account. 
signUp(payload: SignUpPayload): Promise<AuthUser>
Example 
const user = await client.auth.signUp({
  email: 'alice@example.com',
  password: 'secret123',
  username: 'alice_dev',
  name: 'Alice',
});

login

Authenticate an existing user. The returned accessToken is stored internally. 
login(payload: LoginPayload): Promise<AuthResponse>
Returns AuthResponse 
interface AuthResponse {
  accessToken?: string;
  token?: string; // Alias for accessToken (deprecated)
  expiresIn?: string;
  userId?: string;
  user?: AuthUser;
}
Example 
const { accessToken, user } = await client.auth.login({
  email: 'alice@example.com',
  password: 'secret123',
});

refreshToken

Rotate the current access token.
  • Browser: Call without arguments. It will automatically use the refreshToken stored in your HTTP-only cookies.
  • Mobile/Node: Pass the refreshToken string manually.
refreshToken(refreshToken?: string): Promise<AuthResponse>

me

Fetch the profile of the currently authenticated user. 
me(token?: string): Promise<AuthUser>

updateProfile

Update the authenticated user’s profile fields. 
updateProfile(payload: UpdateProfilePayload, token?: string): Promise<{ message: string }>
Example 
await client.auth.updateProfile({ name: 'Alice Smith' });

changePassword

Change the authenticated user’s password. 
changePassword(payload: ChangePasswordPayload, token?: string): Promise<{ message: string }>

Social auth

urBackend supports OAuth via GitHub and Google.

socialStart

You receive a URL to initiate the OAuth flow. Redirect your user’s browser to this URL. 
socialStart(provider: 'github' | 'google'): string

socialExchange

Exchange the rtCode received at your callback URL for a refresh token. 
socialExchange(payload: SocialExchangePayload): Promise<SocialExchangeResponse>
Example 
// At your /auth/callback page
const urlParams = new URLSearchParams(window.location.search);
const rtCode = urlParams.get('rtCode');
const token = new URLSearchParams(window.location.hash.slice(1)).get('token');

if (!token || !rtCode) {
  throw new Error('Missing required OAuth callback parameters');
}

const { refreshToken } = await client.auth.socialExchange({ token, rtCode });

Account verification

Use these methods to handle email OTP flows.
MethodDescription
verifyEmail(payload)Verify an account using the OTP sent to email.
resendVerificationOtp(payload)Request a new verification OTP.
requestPasswordReset(payload)Start the “forgot password” flow.
resetPassword(payload)Complete password reset using an OTP.

publicProfile

Fetch a public-safe profile for any user by their username. This does not return sensitive fields like email or provider IDs. 
publicProfile(username: string): Promise<AuthUser>

logout

Call this to revoke your current session on the server and clear the local token. 
logout(token?: string): Promise<{ success: boolean; message: string }>

Manual token management

If you need to manage tokens manually (for example, after social auth), you can use these helper methods:
  • getToken(): Returns the current in-memory access token.
  • setToken(token): Manually set the access token for the client.