Authentication

Manage users in R2R with built-in authentication

Occasionally this SDK documentation falls out of date, cross-check with the automatcially generated API Reference documentation for the latest parameters.

User Authentication and Management

R2R provides a comprehensive set of user authentication and management features, allowing you to implement secure and feature-rich authentication systems in your applications.

User Registration

To register a new user:

1const registerResponse = await client.register("[email protected]", "password123");

Email Verification

If email verification is enabled, verify a user’s email:

1const verifyResponse = await client.verifyEmail("verification_code_here");

User Login

To log in and obtain access tokens:

1const loginResponse = await client.login("[email protected]", "password123");

Get Current User Info

Retrieve information about the currently authenticated user:

1const user_info = client.user()

Refresh Access Token

Refresh an expired access token:

1const refreshResponse = await client.refreshAccessToken();

Change Password

Change the user’s password:

1const changePasswordResult = await client.changePassword("password123", "new_password");

Request Password Reset

Request a password reset for a user:

1const resetRequestResult = await client.requestPasswordReset("[email protected]");

Confirm Password Reset

Confirm a password reset using the reset token:

1const resetConfirmResult = await client.confirmPasswordReset("reset_token_here", "new_password");

Update User Profile

Update the user’s profile information:

1// keeping the user's email as is:
2const updateResult = client.updateUser(undefined, "John Doe", "R2R enthusiast");

Delete User Account

Delete the user’s account:

1const user_id = register_response["results"]["id"] # input unique id here
2const delete_result = client.delete_user(user_id, "password123")

User Logout

Log out and invalidate the current access token:

1const logoutResponse = await client.logout();

Superuser Capabilities

Superusers have additional privileges, including access to system-wide operations and sensitive information. To use superuser capabilities, authenticate as a superuser or the default admin:

1// Login as admin
2const loginResult = await client.login("[email protected]", "admin_password");
3
4// Access superuser features
5const usersOverview = await client.usersOverview();
6const logs = await client.logs();
7const analyticsResult = await client.analytics(
8  { filters: { all_latencies: "search_latency" } },
9  { analysis_types: { search_latencies: ["basic_statistics", "search_latency"] } }
10);

Superuser actions should be performed with caution and only by authorized personnel. Ensure proper security measures are in place when using superuser capabilities.

Security Considerations

When implementing user authentication, consider the following best practices:

  1. Always use HTTPS in production to encrypt data in transit.
  2. Implement rate limiting to protect against brute-force attacks.
  3. Use secure password hashing (R2R uses bcrypt by default).
  4. Consider implementing multi-factor authentication (MFA) for enhanced security.
  5. Conduct regular security audits of your authentication system.

For more advanced use cases or custom implementations, refer to the R2R documentation or reach out to the community for support.