App Authentication
Add user authentication to your application with the client SDK
Overview
Scalix Auth provides a complete auth-as-a-service solution. Add signup, login, and session management to any application with a few lines of code.
Setup
Install the auth SDK:
bash
npm install @scalix-world/authInitialize with your API URL:
typescript
import { ScalixAuthClient } from "@scalix-world/auth";
const auth = new ScalixAuthClient({
url: "https://api.scalix.world",
});User Management
Get Current User
typescript
const user = await auth.getUser();
if (user) {
console.log(user.email);
}Update Profile
typescript
await auth.updateUser({
data: { name: "Alice Smith" },
});Session Management
Sessions are available via the REST API:
bash
# List sessions
curl -H "Authorization: Bearer $ACCESS_TOKEN" \
https://api.scalix.world/v1/auth/sessions
# Revoke a session
curl -X DELETE -H "Authorization: Bearer $ACCESS_TOKEN" \
https://api.scalix.world/v1/auth/sessions/$SESSION_IDAdmin Endpoints
Manage users from your server:
bash
# List all users
curl -H "Authorization: Bearer $SERVICE_TOKEN" \
https://api.scalix.world/v1/auth/admin/users
# Ban a user
curl -X POST -H "Authorization: Bearer $SERVICE_TOKEN" \
https://api.scalix.world/v1/auth/admin/users/usr_abc123/ban
# Delete a user
curl -X DELETE -H "Authorization: Bearer $SERVICE_TOKEN" \
https://api.scalix.world/v1/auth/admin/users/usr_abc123
# Get auth configuration
curl -H "Authorization: Bearer $SERVICE_TOKEN" \
https://api.scalix.world/v1/auth/admin/config
# Update auth configuration
curl -X PUT -H "Authorization: Bearer $SERVICE_TOKEN" \
https://api.scalix.world/v1/auth/admin/config \
-d '{"require_email_verification": true}'Session Management
Access tokens expire after 1 hour (the default; per-project configurable). The SDK handles refresh automatically:
typescript
auth.onAuthStateChange((event, session) => {
if (event === "TOKEN_REFRESHED") {
console.log("Token refreshed", session?.access_token);
}
});Protecting Routes
Server-side token validation:
Validate an end-user access token by calling the auth user endpoint with it as the bearer token — a 200 means the session is valid:
typescript
async function protectedEndpoint(req, res) {
const token = req.headers.authorization?.split(" ")[1];
const r = await fetch("https://api.scalix.world/v1/auth/user", {
headers: { Authorization: `Bearer ${token}` },
});
if (!r.ok) return res.status(401).json({ error: "Unauthorized" });
res.json({ user: await r.json() });
}