Skip to main content
Skip to main content

AdminAuthResource

This class is used to send requests to Admin Auth API Routes. All its method are available in the JS Client under the medusa.admin.auth property.

The methods in this class allow admin users to manage their session, such as login or log out. You can send authenticated requests for an admin user either using the Cookie header, their API token, or the JWT Token. When you log the admin user in using the createSession method, the JS client will automatically attach the cookie header in all subsequent requests.

Related Guide: How to implement user profiles.

Methods

getSession

Get the currently logged in user's details. Can also be used to check if there is an authenticated user.

Example

import Medusa from "@medusajs/medusa-js"
const medusa = new Medusa({ baseUrl: MEDUSA_BACKEND_URL, maxRetries: 3 })
// must be previously logged in or use api token
medusa.admin.auth.getSession()
.then(({ user }) => {
console.log(user.id);
})

Parameters

customHeadersRecord<string, any>Required
Custom headers to attach to the request.

Default: {}

Returns

ResponsePromiseResponsePromise<AdminAuthRes>Required
Resolves to the logged-in user's details.

deleteSession

Log out the user and remove their authentication session. This will only work if you're using Cookie session for authentication. If the API token is still passed in the header, the user is still authorized to perform admin functionalities in other API Routes.

Example

import Medusa from "@medusajs/medusa-js"
const medusa = new Medusa({ baseUrl: MEDUSA_BACKEND_URL, maxRetries: 3 })
// must be previously logged in
medusa.admin.auth.deleteSession()

Parameters

customHeadersRecord<string, any>Required
Custom headers to attach to the request.

Default: {}

Returns

ResponsePromiseResponsePromise<void>Required
Resolves when user is logged out successfully.

createSession

Log a User in using their credentials. If the user is authenticated successfully, the cookie is automatically attached to subsequent requests sent with the JS Client.

Example

import Medusa from "@medusajs/medusa-js"
const medusa = new Medusa({ baseUrl: MEDUSA_BACKEND_URL, maxRetries: 3 })
medusa.admin.auth.createSession({
email: "user@example.com",
password: "supersecret"
})
.then(({ user }) => {
console.log(user.id);
})

Parameters

payloadAdminPostAuthReqRequired
The credentials of the user.
customHeadersRecord<string, any>Required
Custom headers to attach to the request.

Default: {}

Returns

ResponsePromiseResponsePromise<AdminAuthRes>Required
Resolves to the user's details.

getToken

Authenticate the user and retrieve a JWT token to use for subsequent authenticated requests.

Example

import Medusa from "@medusajs/medusa-js"
const medusa = new Medusa({ baseUrl: MEDUSA_BACKEND_URL, maxRetries: 3 })
medusa.admin.auth.getToken({
email: 'user@example.com',
password: 'supersecret'
})
.then(({ access_token }) => {
console.log(access_token);
})

Parameters

payloadAdminPostAuthReqRequired
The credentials of the user.
customHeadersRecord<string, any>Required
Custom headers to attach to the request.

Default: {}

Returns

ResponsePromiseResponsePromise<AdminBearerAuthRes>Required
Resolves to the access token of the user, if they're authenticated successfully.
Was this section helpful?