medusa-store/www/docs/content/modules/users/users.md
Shahed Nasser 914d773d3a api-ref: custom API reference (#4770)
2023-08-15 18:07:54 +03:00


Users are admins that can manage the ecommerce store's data and operations. Learn about the available features and guides.

Users Architecture Overview

In this document, you'll learn about the users architecture and invites in Medusa.

Overview

A user is an admin that can view and process sensitive and private information in the commerce store. A store in Medusa can have more than one user. Users can create or invite other users to manage the store.

:::tip

A user is typically referred to as “admin” throughout the documentation and user guide.

:::


User Entity Overview

Some of the User entity attributes include:

  • email: a unique string indicating the email of the user.
  • password_hash: a string holding the hash of the user's password. Passwords are hashed using the scrypt-kdf NPM package. The password hash is nullable, which can be useful if you want to integrate a third-party authentication service that does not require a password.
  • first_name: a string indicating the user's first name.
  • last_name: a string indicating the user's last name.
  • api_token: a string that holds the user's API token. The API token can be used to send authenticated requests to admin endpoints, instead of using cookie session authentication. Check out the API reference to learn how to use it.
  • role: a string that indicates the role of the user. Its value can be either admin, member, or developer.

:::note

The role attribute does not actually provide permission or Access Control List (ACL) features within Medusa.

:::
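How the nullable password_hash should behave at login, as an added example that is not Medusa's code: a user without a hash must never pass a password check. It uses Node's built-in scrypt in place of the scrypt-kdf package, and the function names, parameters and "salt:key" storage format are assumptions.

```javascript
// Added example, not Medusa's code. Node's built-in scrypt stands in for the
// scrypt-kdf package; the "salt:key" storage format is an assumption.
const nodeCrypto = require("crypto");

const PARAMS = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const KEY_LEN = 32;

function hashPassword(password) {
  const salt = nodeCrypto.randomBytes(16); // fresh random salt per user
  const key = nodeCrypto.scryptSync(password, salt, KEY_LEN, PARAMS);
  return `${salt.toString("base64")}:${key.toString("base64")}`;
}

function verifyPassword(user, password) {
  // password_hash is nullable (third-party auth): fail closed, so a user
  // without a hash can never be logged in by any password, including "".
  if (typeof user.password_hash !== "string") return false;
  if (typeof password !== "string" || password.length === 0) return false;

  const [saltB64, keyB64] = user.password_hash.split(":");
  if (!saltB64 || !keyB64) return false;
  const expected = Buffer.from(keyB64, "base64");
  if (expected.length !== KEY_LEN) return false; // malformed stored value

  const salt = Buffer.from(saltB64, "base64");
  const actual = nodeCrypto.scryptSync(password, salt, KEY_LEN, PARAMS);
  // Constant-time comparison of the derived key with the stored one.
  return nodeCrypto.timingSafeEqual(actual, expected);
}

// Constructed sample users: one with a local password, one delegated to a
// third-party authentication service (password_hash is null).
const localAdmin = {
  email: "admin@example.com",
  password_hash: hashPassword("correct horse"),
};
const ssoAdmin = { email: "sso@example.com", password_hash: null };
```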


Invites Overview

A user can create other users where they specify the user's details and credentials, and the new user can immediately authenticate using their credentials.

Alternatively, a user can invite another user to join by just supplying the new user's email. Then, the new user can accept the invite and provide their credentials.

Invite Entity Overview

An invitation is represented by the Invite entity. Some of its attributes include:

  • user_email: a string indicating the email of the user.
  • role: a string indicating the role of the user. Similar to the User entity's role attribute, its value can be either admin, member, or developer.
  • accepted: a boolean value indicating whether the invite has been accepted.
  • token: a string that is automatically generated when the invite is created. It's a hash that is used to later accept the invitation.
  • expires_at: a date indicating when the invitation expires.

Invite Process Overview

You have full freedom in how you choose to implement the invite flow. This section explains how it's implemented within the Medusa backend.

User Invitation Flow

The invitation process typically follows these steps in the Medusa backend:

  1. A user creates an invite either using the Create Invite endpoint or the InviteService's create method. Part of creating an invite includes generating the token and setting the expiry date. By default, the expiry date is set to a week after the date of invitation creation.
  2. The new user receives the invite, typically through their email (although this is not implemented by default within the Medusa backend). The new user has to provide their details and password. The invite can be accepted either using the Accept Invite endpoint or using the InviteService's accept method.
  3. When the new user accepts the invite, the invitation is validated first to ensure it's not expired. If it's not expired, a new user is created using the UserService's create method.

If an invitation is expired, an existing user can resend the invite either using the Resend Invite endpoint or using the InviteService's resend method. This would generate a new token and reset the expiry date.
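The create, accept and resend steps above, as an added example that is not Medusa's InviteService: it shows the checks an accept path needs (token match, single use, expiry) and that a resend invalidates the old token. The InviteStore class, the digest-only token storage and the reason strings are assumptions.

```javascript
// Added example, not Medusa's InviteService: an in-memory invite store.
const nodeCrypto = require("crypto");

const WEEK_MS = 7 * 24 * 60 * 60 * 1000; // default expiry: one week
const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest();

class InviteStore {
  constructor() {
    this.invites = new Map(); // keyed by user_email
  }

  // Used for both create and resend: each call generates a new token and
  // resets expires_at, so a previously issued token stops working.
  issue(user_email, role, now = Date.now()) {
    const token = nodeCrypto.randomBytes(32).toString("hex");
    this.invites.set(user_email, {
      user_email,
      role, // one of admin, member, developer
      accepted: false,
      token_digest: sha256(token), // assumption: only a digest is stored
      expires_at: new Date(now + WEEK_MS),
    });
    return token; // delivered to the invitee out of band, e.g. by email
  }

  accept(user_email, token, now = Date.now()) {
    const invite = this.invites.get(user_email);
    if (!invite) return { ok: false, reason: "unknown_invite" };
    // Check the token first, in constant time, so invite state is only
    // revealed to someone who actually holds the token.
    const presented = sha256(String(token));
    if (!nodeCrypto.timingSafeEqual(presented, invite.token_digest)) {
      return { ok: false, reason: "bad_token" };
    }
    if (invite.accepted) return { ok: false, reason: "already_accepted" };
    if (now >= invite.expires_at.getTime()) {
      return { ok: false, reason: "expired" };
    }
    invite.accepted = true;
    // Email and role come from the stored invite, never from the request.
    return { ok: true, user: { email: invite.user_email, role: invite.role } };
  }
}
```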


See Also