asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
00a37cede13b474719e9fb72623d62b164cc2fcc
medusa-store/www/apps/resources/app/commerce-modules/auth/persisting-auth-user/page.mdx
Shahed Nasser 4fe28f5a95 chore: reorganize docs apps (#7228) 
* reorganize docs apps

* add README

* fix directory

* add condition for old docs
2024-05-03 17:36:38 +03:00

59 lines
1.8 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
sidebar_label: "Persisting Auth User"
---
export const metadata = {
title: `Persisting Auth User Authentication`,
}
# {metadata.title}
In this document, youll learn what the `AuthUser` is and how to persist its authentication.
## What is an AuthUser?
As explained in the [Auth Provider](../auth-providers/page.mdx) guide, when a user or customer is authenticated, you receive an `authUser` object:
```ts
const { success, authUser } =
await authModuleService.authenticate("emailpass", {
// ...
})
```
The `authUser` object is a record of the `AuthUser` data model. It has details about the authenticated user or customer, such as their ID, email, and other details.
<Note>
Learn more about the `AuthUser`'s fields in [this reference](/references/auth/models/AuthUser).
</Note>
---
## Persisting Authentication
While the Auth Module provides the authentication functionality, it doesnt provide the functionality to persist the authentication, as that depends on your applications requirements.
For example, the Medusa applications authentication route signs the `authUser` object into a JSON Web Token (JWT):
```ts
const {
success,
authUser,
} = await service.authenticate(auth_provider, authData)
// ...
const {
jwt_secret,
} = req.scope.resolve("configModule").projectConfig
const token = jwt.sign(authUser, jwt_secret)
```
Then, the token is passed in the header of subsequent requests in the Authorization Bearer header.
An authentication middleware verifies the token and attaches the associated `authUser`'s details to the `auth` property of the request object passed to the subsequent middlewares and route.
If the authentication middleware cant verify the token, the user isnt authenticated and theyre asked to login again.
Reference in New Issue View Git Blame Copy Permalink