signIn lets your users log into your web app. This API will return a promise that gets resolved once the user has been logged in.
userbase.signIn({
  username: 'example-username',
  password: 'example-password'
}).then((user) => {
  // user logged in
}).catch((e) => console.error(e))
Parameters
- username [string | Len: 1-100] - The username of the account to log in to.
- password [string | Len: 6-1000] - The password of the account to log in to.
- rememberMe [string | optional] - The persistence mode for the user's session. Valid values are 'local', 'session', and 'none'. When set to 'local', the session persists even after the browser window is closed. When set to 'session', the session persists until the browser window is closed. 'none' disables session persistence completely. Defaults to 'session'.
- sessionLength [number | optional | Unit: hours | Min: 0.084 (5 mins) | Max: 8760 (1 yr)] - The number of hours the user's session will remain active. Defaults to 24.
Result
- user [object] - Contains information about the logged in user.
  - username [string] - The user's username.
  - userId [string] - The user's unique identifier.
  - authToken [string] - The user's authentication token that can be used to verify the user is signed in via the Verify Auth Token endpoint in the Userbase Admin API.
  - creationDate [string] - The date the user was created.
  - email [string] - The user's email.
  - profile [object] - The user's profile.
  - protectedProfile [object] - The user's protected profile set via Update User in the Admin API.
  - usedTempPassword [boolean] - Indicates if the user has signed in with a temporary password from the forgotPassword workflow. You may want to prompt the user to change the password when this is true.
  - changePassword [boolean] - When true, the user must change their password via updateUser to access other functions in the SDK.
  - paymentsMode [string] - The app's payments mode set in your Admin panel. Can be 'disabled', 'test', or 'prod'.
  - subscriptionStatus [string] - The user's subscription status. Can be 'active', 'incomplete', 'incomplete_expired', 'past_due', 'canceled', or 'unpaid'. Each status is explained further here.
  - subscriptionPlanId [string] - The subscription plan the user is subscribed to.
  - trialExpirationDate [string] - The date the user's trial expires.
  - cancelSubscriptionAt [string] - The date the user's subscription is set to be canceled.
Notes
- The user's password is never sent to the server. A hash gets computed client-side, and only the hash is transmitted and stored server-side.
- When rememberMe is set to 'session' or 'local', the user's encryption key and session token will be stored in the clear in the browser's session or local storage respectively. Someone with access to these values will be able to access a user's account and all their data until the user explicitly signs out, or the user's session expires. If you want to avoid this, you will need to set rememberMe to 'none'. When rememberMe is 'none', the user will always have to log in with the username and password when visiting your web app.
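The following is an added example, not part of the Userbase documentation or SDK: it turns the rememberMe note above into a sign-in policy, checks the documented parameter limits before calling signIn, and goes slightly beyond the note by also handling the changePassword and usedTempPassword flags from the Result section. The function names, the `sharedDevice` and `maxSessionHours` inputs, and the `sdk` argument (the userbase object, passed in so it can be stubbed) are assumptions made for the example.

```javascript
// Added example, not Userbase code. Limits are the ones documented above.
const LIMITS = { username: [1, 100], password: [6, 1000], sessionHours: [0.084, 8760] }
const inRange = (n, [lo, hi]) => typeof n === 'number' && n >= lo && n <= hi

// Build the argument for userbase.signIn(). `sharedDevice` and
// `maxSessionHours` are hypothetical app-level policy inputs.
function buildSignInParams({ username, password, sharedDevice = true, maxSessionHours = 24 }) {
  if (typeof username !== 'string' || !inRange(username.length, LIMITS.username)) {
    throw new RangeError('username must be a string of 1-100 characters')
  }
  if (typeof password !== 'string' || !inRange(password.length, LIMITS.password)) {
    throw new RangeError('password must be a string of 6-1000 characters')
  }
  if (!inRange(maxSessionHours, LIMITS.sessionHours)) {
    throw new RangeError('sessionLength must be between 0.084 and 8760 hours')
  }
  // 'none' keeps the encryption key and session token out of browser storage,
  // so nothing is left behind on a shared machine. 'session' clears them when
  // the window closes. 'local' is never chosen by this policy.
  const rememberMe = sharedDevice ? 'none' : 'session'
  return { username, password, rememberMe, sessionLength: maxSessionHours }
}

// Map the flags on the resolved user object to the next step in the app.
function postSignInAction(user) {
  if (user.changePassword) return 'force-password-change' // SDK locked until updateUser
  if (user.usedTempPassword) return 'prompt-password-change'
  return 'continue'
}

// Copy of the user object for logging: authToken should not end up in logs.
function redactForLog(user) {
  const { authToken, ...rest } = user
  return { ...rest, authToken: authToken ? '[redacted]' : undefined }
}

// `sdk` is the userbase object (or a stub with the same signIn method).
async function signInWithPolicy(sdk, credentials) {
  const user = await sdk.signIn(buildSignInParams(credentials))
  return { user, action: postSignInAction(user) }
}
```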
Errors
- ParamsMustBeObject
- UsernameMissing
- UsernameOrPasswordMismatch
- UsernameCannotBeBlank
- UsernameTooLong
- UsernameMustBeString
- PasswordMissing
- PasswordCannotBeBlank
- PasswordTooShort
- PasswordTooLong
- PasswordMustBeString
- PasswordAttemptLimitExceeded
- RememberMeValueNotValid
- SessionLengthMustBeNumber
- SessionLengthTooShort
- SessionLengthTooLong
- KeyNotFound
- AppIdNotSet
- AppIdNotValid
- UserAlreadySignedIn
- ServiceUnavailable