React SDK — Authentication
The useAuth hook provides the full authentication API. Import it from @aerostack/react.
import { useAuth } from '@aerostack/react'Auth state
Section titled “Auth state”const { user, // User | null tokens, // { accessToken, refreshToken?, expiresAt? } | null loading, // boolean — any auth operation in progress error, // string | null — last error message isAuthenticated, // boolean — shorthand for !!tokens?.accessToken} = useAuth()User type
Section titled “User type”interface User { id: string email: string name?: string avatar_url?: string emailVerified: boolean createdAt?: string customFields?: Record<string, any>}Methods
Section titled “Methods”signIn(email, password, turnstileToken?)
Section titled “signIn(email, password, turnstileToken?)”Sign in with email and password. Sets user and tokens on success.
await signIn('user@example.com', 'password')// or with Turnstile bot protection:await signIn('user@example.com', 'password', turnstileToken)| Parameter | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User’s email address |
password | string | Yes | User’s password |
turnstileToken | string | No | Cloudflare Turnstile token |
Returns: Promise<AuthResponse> — { user, accessToken, refreshToken }
signUp(email, password, opts?)
Section titled “signUp(email, password, opts?)”Register a new user. If email verification is enabled, requiresVerification: true is returned.
const result = await signUp('user@example.com', 'password', { name: 'Jane Doe', customFields: { plan: 'free' }, turnstileToken: token,})
if (result.requiresVerification) { // Show "check your email" message}| Parameter | Type | Required | Description |
|---|---|---|---|
email | string | Yes | New user’s email |
password | string | Yes | New user’s password |
opts.name | string | No | Display name |
opts.customFields | Record<string, any> | No | Custom profile fields |
opts.turnstileToken | string | No | Bot protection token |
signOut()
Section titled “signOut()”Sign out the current user. Invalidates the refresh token server-side and clears local state.
await signOut()// user and tokens are now nullsendOTP(identifier, type?)
Section titled “sendOTP(identifier, type?)”Send a one-time code to an email address or phone number.
await sendOTP('user@example.com', 'email')await sendOTP('+1234567890', 'phone')| Parameter | Type | Default | Description |
|---|---|---|---|
identifier | string | — | Email or phone number |
type | 'email' | 'phone' | 'email' | Delivery method |
verifyOTP(identifier, code, type?)
Section titled “verifyOTP(identifier, code, type?)”Verify the OTP code and sign in. Sets user and tokens on success.
await verifyOTP('user@example.com', '123456', 'email')| Parameter | Type | Default |
|---|---|---|
identifier | string | — |
code | string | — |
type | 'email' | 'phone' | 'email' |
verifyEmail(token)
Section titled “verifyEmail(token)”Verify the email address using the token from the verification email link.
// In your /verify-email pageconst token = new URLSearchParams(window.location.search).get('token')await verifyEmail(token)resendVerificationEmail(email)
Section titled “resendVerificationEmail(email)”Resend the email verification link.
await resendVerificationEmail('user@example.com')requestPasswordReset(email, turnstileToken?)
Section titled “requestPasswordReset(email, turnstileToken?)”Send a password reset email.
await requestPasswordReset('user@example.com')resetPassword(token, newPassword)
Section titled “resetPassword(token, newPassword)”Set a new password using the token from the reset email.
const token = new URLSearchParams(window.location.search).get('token')await resetPassword(token, 'newSecurePassword123')refreshAccessToken(refreshToken)
Section titled “refreshAccessToken(refreshToken)”Refresh the access token. Called automatically by the SDK on 401 responses, but can also be called manually.
const newTokens = await refreshAccessToken(tokens.refreshToken)refreshUser()
Section titled “refreshUser()”Re-fetch the current user’s profile and update local state.
await refreshUser()// user state is updated from the serverupdateProfile(updates)
Section titled “updateProfile(updates)”Update the current user’s profile. Calls refreshUser() automatically.
await updateProfile({ name: 'New Name', avatar_url: 'https://cdn.example.com/avatar.jpg', customFields: { plan: 'pro' },})| Parameter | Type | Description |
|---|---|---|
name | string | Display name |
avatar_url | string | Avatar URL |
avatar_image_id | string | Storage image ID (auto-resolves to URL) |
customFields | Record<string, any> | Merge into existing custom fields |
deleteAvatar()
Section titled “deleteAvatar()”Remove the current user’s avatar.
await deleteAvatar()Error handling
Section titled “Error handling”All methods throw on failure. The error message is also set in error state:
const { signIn, error, loading } = useAuth()
const handleSubmit = async () => { try { await signIn(email, password) } catch (err) { // err.message is the same as error state console.error(err.message) }}
// Or use the error state directly:{error && <p style={{ color: 'red' }}>{error}</p>}