
Authentication

There are 2 built-in ways to authenticate users with Marblism: email/password (JSON Web Token) and Google auth.

Email/password auth

The registration and sign-in processes are managed in api/src/modules/authentication.

Sign-in checks that:

  1. the user exists
  2. the correct password has been provided

If these conditions are met, an auth token is generated and returned to the client along with a user object.

Email verification

Email account verification is disabled by default.

Activate Email Verification

To activate email verification for all new users, set the default user status to CREATED instead of VERIFIED in api/src/modules/user/domain/user.model.ts:

  @Column({ enum: UserStatus, default: UserStatus.CREATED })
  status: UserStatus

After signing up, a user will be asked to verify their email using a time-sensitive code sent to their registered email address.

Until verified, the JWT token issued to a user will contain an unverified flag, and access to protected API endpoints will be disabled.
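
The check described above, sketched as an added example (not Marblism's own code): a protected-endpoint gate that verifies the token signature first and only then reads the verification flag. The `status` claim name, HS256 signing, and the helper names `signToken` and `authorize` are assumptions made for illustration.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Hypothetical claim layout: the docs only say the token carries an "unverified flag".
type Claims = { sub: string; status: "CREATED" | "VERIFIED"; exp: number };
type Decision = { allowed: true; claims: Claims } | { allowed: false; reason: string };

const enc = (v: object): string => Buffer.from(JSON.stringify(v)).toString("base64url");
const mac = (input: string, secret: string): Buffer =>
  createHmac("sha256", secret).update(input).digest();
function dec(part: string): any {
  try { return JSON.parse(Buffer.from(part, "base64url").toString("utf8")); } catch { return undefined; }
}

// Issues an HS256 token (stand-in for whatever JWT library the API uses).
function signToken(claims: Claims, secret: string): string {
  const head = enc({ alg: "HS256", typ: "JWT" });
  const body = enc(claims);
  return `${head}.${body}.${mac(`${head}.${body}`, secret).toString("base64url")}`;
}

// Gate for a protected endpoint: authenticate the token, then check the flag.
function authorize(token: string, secret: string, nowSec: number): Decision {
  const parts = token.split(".");
  if (parts.length !== 3) return { allowed: false, reason: "malformed" };
  const [head, body, sig] = parts;
  // Pin the algorithm rather than trusting whatever the header announces.
  if (dec(head)?.alg !== "HS256") return { allowed: false, reason: "bad-alg" };
  const expected = mac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected))
    return { allowed: false, reason: "bad-signature" };
  const claims = dec(body) as Claims | undefined;
  if (!claims || typeof claims.exp !== "number" || claims.exp <= nowSec)
    return { allowed: false, reason: "expired" };
  // The flag is only trustworthy once the signature has been checked.
  if (claims.status !== "VERIFIED") return { allowed: false, reason: "email-unverified" };
  return { allowed: true, claims };
}

// Constructed sample values, not taken from the project.
const SECRET = "constructed-test-secret";
const NOW = 1700000000;
const unverified = signToken({ sub: "u1", status: "CREATED", exp: NOW + 900 }, SECRET);
const verified = signToken({ sub: "u1", status: "VERIFIED", exp: NOW + 900 }, SECRET);
// Tampering: verified payload spliced onto the unverified token's signature.
const forged = [unverified.split(".")[0], verified.split(".")[1], unverified.split(".")[2]].join(".");
```

Because the flag lives inside the signed payload, a client that edits it invalidates the signature, which is why the gate rejects `forged` before it ever looks at `status`.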

Google auth

To get your Google client id, follow the quick tutorial here.

In the Google Dashboard

  • set Authorised JavaScript origins to <your-web-url>
  • set Authorised redirect URIs to <your-server-url>/api/v1/authentication/google/callback

Once you have it, add it to your API .env:

SERVER_GOOGLE_CLIENT_ID=your-client-id

And add it to your front-end .env:

GOOGLE_CLIENT_ID=your-client-id

The Google sign-in button will automatically appear on the login page when the .env variable is detected.