Persisting Auth User Authentication

In this document, you’ll learn what the AuthUser is and how to persist its authentication.

What is an AuthUser?

As explained in the Auth Provider guide, when a user or customer is authenticated, the authenticate method of the Auth Module's service returns an authUser object alongside the success flag:

const { success, authUser } =
  await authModuleService.authenticate("emailpass", {
    // ...
  })

The authUser object is a record of the AuthUser data model. It holds the details of the authenticated user or customer, such as their ID, the provider that authenticated them, and the identifier used with that provider (for example the email for the emailpass provider). Only treat it as authenticated when success is true.

Note

Learn more about the AuthUser's attributes in this reference.


Persisting Authentication

The Auth Module provides the authentication step only. It doesn't persist the resulting authentication (sessions, tokens, cookies), because how that is done depends on your application's requirements.

For example, the Medusa application's authentication route encodes the authUser object as the payload of a JSON Web Token (JWT) signed with the project's jwt_secret:

const {
  success,
  authUser,
} = await service.authenticate(auth_provider, authData)

// ...
// jwt_secret comes from the project's configuration (medusa-config)
const {
  jwt_secret,
} = req.scope.resolve("configModule").projectConfig

// The whole authUser record becomes the JWT payload. A JWT payload is only
// base64url-encoded, not encrypted, so anyone holding the token can read it.
// No options object is passed here, so the token carries no expiry unless you
// add one (for example jwt.sign(authUser, jwt_secret, { expiresIn: "24h" })).
const token = jwt.sign(authUser, jwt_secret)

The client then sends the token on subsequent requests as a bearer token in the Authorization header:

Authorization: Bearer <token>

An authentication middleware verifies the token's signature (and expiry, if one is set) and attaches the authUser details decoded from it to the auth property of the request object, which is then available to subsequent middlewares and the route handler.

If the authentication middleware can't verify the token, the request is treated as unauthenticated and the user is asked to log in again.
