User Registration and Login
Learn how to set up user registration and login flows for your Authsec-powered application.
User Registration
Creating New User Accounts
Authsec provides multiple ways for users to register:
1. Email/Password Registration
// Example using Authsec SDK
import { AuthsecClient } from '@authsec/sdk';
const authsec = new AuthsecClient({
domain: 'your-domain.authsec.com',
clientId: 'your-client-id'
});
// Register new user
const result = await authsec.register({
email: 'user@example.com',
password: 'secure-password',
firstName: 'John',
lastName: 'Doe'
});
2. Social Registration
Enable registration through popular social providers:
- Microsoft
- GitHub
3. Invitation-Based Registration
For enterprise scenarios, users can be invited via email with pre-configured roles and permissions.
Registration Configuration
Configure registration settings in your Authsec dashboard:
- Email Verification: Require email confirmation before account activation
- Password Policies: Set complexity requirements
- Custom Fields: Add application-specific user attributes
- Auto-Assignment: Automatically assign roles to new users
User Login
Authentication Methods
1. Username/Password Login
// Standard login
const loginResult = await authsec.login({
email: 'user@example.com',
password: 'user-password'
});
// Handle successful login
if (loginResult.success) {
const { accessToken, user } = loginResult;
// Store token and redirect user
}
2. Social Login
// Social login with Google
const socialLogin = await authsec.loginWithSocial('google');
3. Passwordless Login
// Send magic link
await authsec.sendMagicLink({
email: 'user@example.com',
redirectUrl: 'https://yourapp.com/callback'
});
Login Security Features
- Account Lockout: Automatic lockout after failed attempts
- Device Recognition: Remember trusted devices
- IP Restrictions: Limit access from specific locations
- Session Management: Control active sessions
Session Management
Token Handling
// Check if user is authenticated
const isAuthenticated = await authsec.isAuthenticated();
// Get current user information
const user = await authsec.getCurrentUser();
// Refresh access token
const newToken = await authsec.refreshToken();
// Logout user
await authsec.logout();
Session Configuration
- Token Lifetime: Configure access and refresh token durations
- Idle Timeout: Automatically logout inactive users
- Concurrent Sessions: Control multiple active sessions
User Profile Management
Updating User Information
// Update user profile
await authsec.updateUser({
firstName: 'Jane',
lastName: 'Smith',
phone: '+1-555-0123'
});
// Change password
await authsec.changePassword({
currentPassword: 'old-password',
newPassword: 'new-secure-password'
});
Profile Features
- Avatar Upload: Profile picture management
- Custom Attributes: Application-specific user data
- Privacy Settings: User-controlled data visibility
- Account Deletion: Self-service account removal
Best Practices
Security Recommendations
- Always use HTTPS for login and registration pages
- Implement proper error handling without revealing sensitive information
- Use secure password policies with minimum complexity requirements
- Enable MFA for enhanced security
- Monitor login attempts and implement rate limiting
User Experience Tips
- Provide clear feedback during registration and login
- Offer password reset options for forgotten passwords
- Support multiple authentication methods for user convenience
- Implement progressive registration to reduce friction
- Provide login status indicators in your application UI