FluxbaseAuth

Constructors

new FluxbaseAuth()

new FluxbaseAuth(fetch, autoRefresh, persist): FluxbaseAuth

Parameters

Parameter	Type	Default value
fetch	FluxbaseFetch	undefined
autoRefresh	boolean	true
persist	boolean	true

Returns

FluxbaseAuth

Methods

disable2FA()

disable2FA(password): Promise<DataResponse<TwoFactorDisableResponse>>

Disable 2FA for the current user (Supabase-compatible) Unenrolls the MFA factor

Parameters

Parameter	Type	Description
password	string	User password for confirmation

Returns

Promise<DataResponse<TwoFactorDisableResponse>>

Promise with unenrolled factor id

---

enable2FA()

enable2FA(code): Promise<DataResponse<TwoFactorEnableResponse>>

Enable 2FA after verifying the TOTP code (Supabase-compatible) Verifies the TOTP code and returns new tokens with MFA session

Parameters

Parameter	Type	Description
code	string	TOTP code from authenticator app

Returns

Promise<DataResponse<TwoFactorEnableResponse>>

Promise with access_token, refresh_token, and user

---

exchangeCodeForSession()

exchangeCodeForSession(code, state?): Promise<FluxbaseAuthResponse>

Exchange OAuth authorization code for session This is typically called in your OAuth callback handler

Parameters

Parameter	Type	Description
code	string	Authorization code from OAuth callback
state?	string	State parameter from OAuth callback (for CSRF protection)

Returns

Promise<FluxbaseAuthResponse>

---

get2FAStatus()

get2FAStatus(): Promise<DataResponse<TwoFactorStatusResponse>>

Check 2FA status for the current user (Supabase-compatible) Lists all enrolled MFA factors

Returns

Promise<DataResponse<TwoFactorStatusResponse>>

Promise with all factors and TOTP factors

---

getAccessToken()

getAccessToken(): null | string

Get the current access token

Returns

null | string

---

getAuthConfig()

getAuthConfig(): Promise<DataResponse<AuthConfig>>

Get comprehensive authentication configuration from the server Returns all public auth settings including signup status, OAuth providers, SAML providers, password requirements, and CAPTCHA config in a single request.

Use this to:

• Conditionally render signup forms based on signup_enabled
• Display available OAuth/SAML provider buttons
• Show password requirements to users
• Configure CAPTCHA widgets

Returns

Promise<DataResponse<AuthConfig>>

Promise with complete authentication configuration

Example

const { data, error } = await client.auth.getAuthConfig();
if (data) {
  console.log('Signup enabled:', data.signup_enabled);
  console.log('OAuth providers:', data.oauth_providers);
  console.log('Password min length:', data.password_min_length);
}

---

getCaptchaConfig()

getCaptchaConfig(): Promise<DataResponse<CaptchaConfig>>

Get CAPTCHA configuration from the server Use this to determine which CAPTCHA provider to load and configure

Returns

Promise<DataResponse<CaptchaConfig>>

Promise with CAPTCHA configuration (provider, site key, enabled endpoints)

---

getCurrentUser()

getCurrentUser(): Promise<UserResponse>

Get the current user from the server

Returns

Promise<UserResponse>

---

getOAuthLogoutUrl()

getOAuthLogoutUrl(provider, options?): Promise<DataResponse<OAuthLogoutResponse>>

Get OAuth logout URL for a provider Use this to get the logout URL without automatically redirecting

Parameters

Parameter	Type	Description
provider	string	OAuth provider name (e.g., ‘google’, ‘github’)
options?	OAuthLogoutOptions	Optional logout configuration

Returns

Promise<DataResponse<OAuthLogoutResponse>>

Promise with OAuth logout response including redirect URL if applicable

Example

const { data, error } = await client.auth.getOAuthLogoutUrl('google')
if (!error && data.redirect_url) {
  // Redirect user to complete logout at provider
  window.location.href = data.redirect_url
}

---

getOAuthProviders()

getOAuthProviders(): Promise<DataResponse<OAuthProvidersResponse>>

Get list of enabled OAuth providers

Returns

Promise<DataResponse<OAuthProvidersResponse>>

---

getOAuthUrl()

getOAuthUrl(provider, options?): Promise<DataResponse<OAuthUrlResponse>>

Get OAuth authorization URL for a provider

Parameters

Parameter	Type	Description
provider	string	OAuth provider name (e.g., ‘google’, ‘github’)
options?	OAuthOptions	Optional OAuth configuration

Returns

Promise<DataResponse<OAuthUrlResponse>>

---

getSAMLLoginUrl()

getSAMLLoginUrl(provider, options?): Promise<DataResponse<SAMLLoginResponse>>

Get SAML login URL for a specific provider Use this to redirect the user to the IdP for authentication

Parameters

Parameter	Type	Description
provider	string	SAML provider name/ID
options?	SAMLLoginOptions	Optional login configuration

Returns

Promise<DataResponse<SAMLLoginResponse>>

Promise with SAML login URL

Example

const { data, error } = await client.auth.getSAMLLoginUrl('okta')
if (!error) {
  window.location.href = data.url
}

---

getSAMLMetadataUrl()

getSAMLMetadataUrl(provider): string

Get SAML Service Provider metadata for a specific provider configuration Use this when configuring your IdP to download the SP metadata XML

Parameters

Parameter	Type	Description
provider	string	SAML provider name/ID

Returns

string

Promise with SP metadata URL

Example

const metadataUrl = client.auth.getSAMLMetadataUrl('okta')
// Share this URL with your IdP administrator

---

getSAMLProviders()

getSAMLProviders(): Promise<DataResponse<SAMLProvidersResponse>>

Get list of available SAML SSO providers

Returns

Promise<DataResponse<SAMLProvidersResponse>>

Promise with list of configured SAML providers

Example

const { data, error } = await client.auth.getSAMLProviders()
if (!error) {
  console.log('Available providers:', data.providers)
}

---

getSession()

getSession(): Promise<FluxbaseResponse<object>>

Get the current session (Supabase-compatible) Returns the session from the client-side cache without making a network request

Returns

Promise<FluxbaseResponse<object>>

---

getUser()

getUser(): Promise<FluxbaseResponse<object>>

Get the current user (Supabase-compatible) Returns the user from the client-side session without making a network request For server-side validation, use getCurrentUser() instead

Returns

Promise<FluxbaseResponse<object>>

---

getUserIdentities()

getUserIdentities(): Promise<DataResponse<UserIdentitiesResponse>>

Get user identities (linked OAuth providers) - Supabase-compatible Lists all OAuth identities linked to the current user

Returns

Promise<DataResponse<UserIdentitiesResponse>>

Promise with list of user identities

---

handleSAMLCallback()

handleSAMLCallback(samlResponse, provider?): Promise<FluxbaseAuthResponse>

Handle SAML callback after IdP authentication Call this from your SAML callback page to complete authentication

Parameters

Parameter	Type	Description
samlResponse	string	Base64-encoded SAML response from the ACS endpoint
provider?	string	SAML provider name (optional, extracted from RelayState)

Returns

Promise<FluxbaseAuthResponse>

Promise with user and session

Example

// In your SAML callback page
const urlParams = new URLSearchParams(window.location.search)
const samlResponse = urlParams.get('SAMLResponse')

if (samlResponse) {
  const { data, error } = await client.auth.handleSAMLCallback(samlResponse)
  if (!error) {
    console.log('Logged in:', data.user)
  }
}

---

linkIdentity()

linkIdentity(credentials): Promise<DataResponse<OAuthUrlResponse>>

Link an OAuth identity to current user - Supabase-compatible Links an additional OAuth provider to the existing account

Parameters

Parameter	Type	Description
credentials	LinkIdentityCredentials	Provider to link

Returns

Promise<DataResponse<OAuthUrlResponse>>

Promise with OAuth URL to complete linking

---

onAuthStateChange()

onAuthStateChange(callback): object

Listen to auth state changes (Supabase-compatible)

Parameters

Parameter	Type	Description
callback	AuthStateChangeCallback	Function called when auth state changes

Returns

object

Object containing subscription data

Name	Type
data	object
data.subscription	AuthSubscription

Example

const { data: { subscription } } = client.auth.onAuthStateChange((event, session) => {
  console.log('Auth event:', event, session)
})

// Later, to unsubscribe:
subscription.unsubscribe()

---

reauthenticate()

reauthenticate(): Promise<DataResponse<ReauthenticateResponse>>

Reauthenticate to get security nonce - Supabase-compatible Get a security nonce for sensitive operations (password change, etc.)

Returns

Promise<DataResponse<ReauthenticateResponse>>

Promise with nonce for reauthentication

---

refreshSession()

refreshSession(): Promise<FluxbaseResponse<object>>

Refresh the session (Supabase-compatible) Returns a new session with refreshed tokens

Returns

Promise<FluxbaseResponse<object>>

---

refreshToken()

refreshToken(): Promise<FluxbaseResponse<object>>

Refresh the session (Supabase-compatible alias) Alias for refreshSession() to maintain compatibility with Supabase naming Returns a new session with refreshed tokens

Returns

Promise<FluxbaseResponse<object>>

---

resendOtp()

resendOtp(params): Promise<DataResponse<OTPResponse>>

Resend OTP (One-Time Password) - Supabase-compatible Resend OTP code when user doesn’t receive it

Parameters

Parameter	Type	Description
params	ResendOtpParams	Resend parameters including type and email/phone

Returns

Promise<DataResponse<OTPResponse>>

Promise with OTP-style response

---

resetPassword()

resetPassword(token, newPassword): Promise<DataResponse<AuthResponseData>>

Reset password with token (Supabase-compatible) Complete the password reset process with a valid token

Parameters

Parameter	Type	Description
token	string	Password reset token
newPassword	string	New password to set

Returns

Promise<DataResponse<AuthResponseData>>

Promise with user and new session

---

resetPasswordForEmail()

resetPasswordForEmail(email, options?): Promise<DataResponse<PasswordResetResponse>>

Supabase-compatible alias for sendPasswordReset()

Parameters

Parameter	Type	Description
email	string	Email address to send reset link to
options?	object	Optional redirect and CAPTCHA configuration
options.captchaToken?	string	-
options.redirectTo?	string	-

Returns

Promise<DataResponse<PasswordResetResponse>>

Promise with OTP-style response

---

sendMagicLink()

sendMagicLink(email, options?): Promise<DataResponse<MagicLinkResponse>>

Send magic link for passwordless authentication (Supabase-compatible)

Parameters

Parameter	Type	Description
email	string	Email address to send magic link to
options?	MagicLinkOptions	Optional configuration for magic link

Returns

Promise<DataResponse<MagicLinkResponse>>

Promise with OTP-style response

---

sendPasswordReset()

sendPasswordReset(email, options?): Promise<DataResponse<PasswordResetResponse>>

Send password reset email (Supabase-compatible) Sends a password reset link to the provided email address

Parameters

Parameter	Type	Description
email	string	Email address to send reset link to
options?	object	Optional configuration including redirect URL and CAPTCHA token
options.captchaToken?	string	-
options.redirectTo?	string	-

Returns

Promise<DataResponse<PasswordResetResponse>>

Promise with OTP-style response

---

setSession()

setSession(session): Promise<FluxbaseAuthResponse>

Set the session manually (Supabase-compatible) Useful for restoring a session from storage or SSR scenarios

Parameters

Parameter	Type	Description
session	object	Object containing access_token and refresh_token
session.access_token	string	-
session.refresh_token	string	-

Returns

Promise<FluxbaseAuthResponse>

Promise with session data

---

setup2FA()

setup2FA(issuer?): Promise<DataResponse<TwoFactorSetupResponse>>

Setup 2FA for the current user (Supabase-compatible) Enrolls a new MFA factor and returns TOTP details

Parameters

Parameter	Type	Description
issuer?	string	Optional custom issuer name for the QR code (e.g., “MyApp”). If not provided, uses server default.

Returns

Promise<DataResponse<TwoFactorSetupResponse>>

Promise with factor id, type, and TOTP setup details

---

signIn()

signIn(credentials): Promise<FluxbaseResponse<SignInWith2FAResponse | AuthResponseData>>

Sign in with email and password (Supabase-compatible) Returns { user, session } if successful, or SignInWith2FAResponse if 2FA is required

Parameters

Parameter	Type
credentials	SignInCredentials

Returns

Promise<FluxbaseResponse<SignInWith2FAResponse | AuthResponseData>>

---

signInAnonymously()

signInAnonymously(): Promise<FluxbaseAuthResponse>

Sign in anonymously Creates a temporary anonymous user session

Returns

Promise<FluxbaseAuthResponse>

---

signInWithIdToken()

signInWithIdToken(credentials): Promise<FluxbaseAuthResponse>

Sign in with ID token (for native mobile apps) - Supabase-compatible Authenticate using native mobile app ID tokens (Google, Apple)

Parameters

Parameter	Type	Description
credentials	SignInWithIdTokenCredentials	Provider, ID token, and optional nonce

Returns

Promise<FluxbaseAuthResponse>

Promise with user and session

---

signInWithOAuth()

signInWithOAuth(provider, options?): Promise<DataResponse<object>>

Convenience method to initiate OAuth sign-in Redirects the user to the OAuth provider’s authorization page

Parameters

Parameter	Type	Description
provider	string	OAuth provider name (e.g., ‘google’, ‘github’)
options?	OAuthOptions	Optional OAuth configuration

Returns

Promise<DataResponse<object>>

---

signInWithOtp()

signInWithOtp(credentials): Promise<DataResponse<OTPResponse>>

Sign in with OTP (One-Time Password) - Supabase-compatible Sends a one-time password via email or SMS for passwordless authentication

Parameters

Parameter	Type	Description
credentials	SignInWithOtpCredentials	Email or phone number and optional configuration

Returns

Promise<DataResponse<OTPResponse>>

Promise with OTP-style response

---

signInWithPassword()

signInWithPassword(credentials): Promise<FluxbaseResponse<SignInWith2FAResponse | AuthResponseData>>

Sign in with email and password (Supabase-compatible) Alias for signIn() to maintain compatibility with common authentication patterns Returns { user, session } if successful, or SignInWith2FAResponse if 2FA is required

Parameters

Parameter	Type
credentials	SignInCredentials

Returns

Promise<FluxbaseResponse<SignInWith2FAResponse | AuthResponseData>>

---

signInWithSAML()

signInWithSAML(provider, options?): Promise<DataResponse<object>>

Initiate SAML login and redirect to IdP This is a convenience method that redirects the user to the SAML IdP

Parameters

Parameter	Type	Description
provider	string	SAML provider name/ID
options?	SAMLLoginOptions	Optional login configuration

Returns

Promise<DataResponse<object>>

Promise with provider and URL (browser will redirect)

Example

// In browser, this will redirect to the SAML IdP
await client.auth.signInWithSAML('okta')

---

signOut()

signOut(): Promise<VoidResponse>

Sign out the current user

Returns

Promise<VoidResponse>

---

signOutWithOAuth()

signOutWithOAuth(provider, options?): Promise<DataResponse<OAuthLogoutResponse>>

Sign out with OAuth provider logout Revokes tokens at the OAuth provider and optionally redirects for OIDC logout

Parameters

Parameter	Type	Description
provider	string	OAuth provider name (e.g., ‘google’, ‘github’)
options?	OAuthLogoutOptions	Optional logout configuration

Returns

Promise<DataResponse<OAuthLogoutResponse>>

Promise with OAuth logout response

Example

// This will revoke tokens and redirect to provider's logout page if supported
await client.auth.signOutWithOAuth('google', {
  redirect_url: 'https://myapp.com/logged-out'
})

---

signUp()

signUp(credentials): Promise<FluxbaseAuthResponse>

Sign up with email and password (Supabase-compatible) Returns session when email confirmation is disabled Returns null session when email confirmation is required

Parameters

Parameter	Type
credentials	SignUpCredentials

Returns

Promise<FluxbaseAuthResponse>

---

startAutoRefresh()

startAutoRefresh(): void

Start the automatic token refresh timer This is called automatically when autoRefresh is enabled and a session exists Only works in browser environments

Returns

void

---

stopAutoRefresh()

stopAutoRefresh(): void

Stop the automatic token refresh timer Call this when you want to disable auto-refresh without signing out

Returns

void

---

unlinkIdentity()

unlinkIdentity(params): Promise<VoidResponse>

Unlink an OAuth identity from current user - Supabase-compatible Removes a linked OAuth provider from the account

Parameters

Parameter	Type	Description
params	UnlinkIdentityParams	Identity to unlink

Returns

Promise<VoidResponse>

Promise with void response

---

updateUser()

updateUser(attributes): Promise<UserResponse>

Update the current user (Supabase-compatible)

Parameters

Parameter	Type	Description
attributes	UpdateUserAttributes	User attributes to update (email, password, data for metadata)

Returns

Promise<UserResponse>

---

verify2FA()

verify2FA(request): Promise<DataResponse<TwoFactorLoginResponse>>

Verify 2FA code during login (Supabase-compatible) Call this after signIn returns requires_2fa: true

Parameters

Parameter	Type	Description
request	TwoFactorVerifyRequest	User ID and TOTP code

Returns

Promise<DataResponse<TwoFactorLoginResponse>>

Promise with access_token, refresh_token, and user

---

verifyMagicLink()

verifyMagicLink(token): Promise<FluxbaseAuthResponse>

Verify magic link token and sign in

Parameters

Parameter	Type	Description
token	string	Magic link token from email

Returns

Promise<FluxbaseAuthResponse>

---

verifyOtp()

verifyOtp(params): Promise<FluxbaseAuthResponse>

Verify OTP (One-Time Password) - Supabase-compatible Verify OTP tokens for various authentication flows

Parameters

Parameter	Type	Description
params	VerifyOtpParams	OTP verification parameters including token and type

Returns

Promise<FluxbaseAuthResponse>

Promise with user and session if successful

---

verifyResetToken()

verifyResetToken(token): Promise<DataResponse<VerifyResetTokenResponse>>

Verify password reset token Check if a password reset token is valid before allowing password reset

Parameters

Parameter	Type	Description
token	string	Password reset token to verify

Returns

Promise<DataResponse<VerifyResetTokenResponse>>