Class: User
Objects of this type represent an authenticated user. If you have a token you can instantiate your own User. This class is server side rendering (SSR) friendly as it only uses the fetch API with no other dependencies on browser APIs.
A User object gives you access to methods to:
- access or associate arbitrary private data to the user: please see the getBucket method; your backend will also be able to retrieve the data associated with your user by invoking the related SlashID User Management API https://developer.slashid.dev/docs/api/get-persons-person-id-attributes-bucket-name/;
- contextual user attributes as detailed in the Accessors section below;
Remarks
User objects are safe for serialization, you can pass them to other contexts with the postMessage family of functions.
Hierarchy
↳
User
Constructors
constructor
• new User(token, optionsOrSid?)
Reconstruct an authenticated user from its token value. An instance can be created in multiple ways:
- by calling id to perform authentication
- by calling getUser to reconstruct a user from a token while reusing the existing SDK instance
- by creating it directly using the constructor (not advised)
Instances can only be constructed in a browser environment due to dependency on SlashID.
Throws
TypeError If the given optionsOrSid, if defined, fail validation, or
the given token cannot be decoded.
Parameters
| Name | Type | Description |
|---|---|---|
token | string | A user token value. |
optionsOrSid? | SlashID | SlashID instance or SlashID connection options. It is preferred to pass in the SlashID instance |
Overrides
• new User(token, optionsOrSid?)
Deprecated
use SlashId instead of SlashIDOptions as it ensures the expected behaviour of the internal event emitter
Parameters
| Name | Type |
|---|---|
token | string |
optionsOrSid? | SlashIDOptions |
Overrides
BaseUser.constructor
Accessors
ID
• get ID(): string
This user's ID. Use this property in your backend services when interacting with the SlashID User Management API.
Returns
string
Inherited from
BaseUser.ID
anonymous
• get anonymous(): boolean
Indicates if the user is an anonymous user
Returns
boolean
Inherited from
BaseUser.anonymous
authentication
• get authentication(): FactorMethod[]
Indicates which authentication methods the user has been verified with. It can contain multiple items in case of multi factor authentication.
Returns
Inherited from
BaseUser.authentication
authentications
• get authentications(): Authentication[]
Indicates which authentication methods the user has been verified with, including the handles used for each method.
Returns
Inherited from
BaseUser.authentications
firstLogin
• get firstLogin(): boolean
Indicates whether the user has been just registered, otherwise it's a returning user.
Returns
boolean
Inherited from
BaseUser.firstLogin
oid
• get oid(): string
The organization ID this user belongs to.
Returns
string
Inherited from
BaseUser.oid
token
• get token(): string
The entire, signed authentication token of this user.
Returns
string
Inherited from
BaseUser.token
tokenClaims
• get tokenClaims(): UserToken
The claims of the user token.
Returns
Inherited from
BaseUser.tokenClaims
tokenContainer
• get tokenContainer(): string
The entire token container
Returns
string
either the token container string or an empty string
Inherited from
BaseUser.tokenContainer
tokenContainerClaims
• get tokenContainerClaims(): undefined | TokenContainer
If the user instance is created with a TokenContainer this will return the claims of the token container. Otherwise it will return undefined.
Returns
undefined | TokenContainer
Inherited from
BaseUser.tokenContainerClaims
Methods
addGDPRConsent
▸ addGDPRConsent(request): Promise<GDPRConsentResponse>
Add the GDPR consent levels to the current user. Consent levels not included in the request will not be changed.
Parameters
| Name | Type | Description |
|---|---|---|
request | GDPRConsentLevels | with consent levels to add |
Returns
GDPR consent info
Inherited from
createDirectID
▸ createDirectID(): Promise<undefined | string>
Create a DirectID based on your token
Returns
Promise<undefined | string>
directID token
Inherited from
delete
▸ delete(attributeNames): Promise<any>
Deprecated
Use getBucket instead.
Parameters
| Name | Type |
|---|---|
attributeNames | string[] |
Returns
Promise<any>
Inherited from
get
▸ get<AttributesType>(attributeNames?): Promise<AttributesType>
Deprecated
Use getBucket instead.
Type parameters
| Name | Type |
|---|---|
AttributesType | extends JsonObject |
Parameters
| Name | Type |
|---|---|
attributeNames? | string[] |
Returns
Promise<AttributesType>
Inherited from
getAttributesClient
▸ getAttributesClient(): AttributesApi
Exposes the attributes client so the Bucket instance can access it
Returns
Inherited from
getBucket
▸ getBucket(bucketName?): Bucket
Creates a Bucket object used to access attributes.
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
bucketName | string | DefaultBucketName.end_user_read_write | name of the bucket we want to access - uses "end_user_read_write" as default. You can pass in any string that corresponds to a name of a bucket set up for your organization. You can use any of the preset bucket names with corresponding permissions and scopes - DefaultBucketName. |
Returns
Inherited from
getGDPRConsent
▸ getGDPRConsent(): Promise<GDPRConsentResponse>
Fetch the GDPR consent levels for the current user.
Returns
GDPR consent info
Inherited from
getGroups
▸ getGroups(): string[]
Get an array of group names that the user belongs to.
Returns
string[]
Inherited from
getHandles
▸ getHandles(): Promise<PersonHandle[]>
Fetch all the handles associated with this user from the SlashID API.
Returns
A list of handles available for the user
Inherited from
getOrganizations
▸ getOrganizations(): Promise<OrganizationDetails[]>
Get the organizations the user belongs to.
Returns
Promise<OrganizationDetails[]>
A list of organizations the user belongs to
Inherited from
getTokenForOrganization
▸ getTokenForOrganization(oid): Promise<string>
Given an organization ID, get a new token for the same user in the Organization specified by the Organization ID.
For the call to succeed the following conditions must be met:
- the token must be valid at the time of the request
- the two Organizations must share the same person pool
- the user must be a member of both Organizations
This operation does not count as an authentication, so the new token will have the same expiration time as the original.
Parameters
| Name | Type |
|---|---|
oid | string |
Returns
Promise<string>
A new token for the specified Organization ID
Inherited from
BaseUser.getTokenForOrganization
isAuthenticated
▸ isAuthenticated(): Promise<boolean>
Indicates if the user is authenticated
For anonymous users this will return false
Returns
Promise<boolean>
Inherited from
logout
▸ logout(): Promise<void>
Log out of the current session. Clears the SlashID token.
Returns
Promise<void>
Inherited from
mfa
▸ mfa(handleOrFactor, authenticationFactor?): Promise<void>
Request the user to authenticate with the given method. This method is essentially equivalent to
id, but since the user is already authenticated you can omit the handle or
authenticationFactor parameters, depending on the desired outcome. Please refer to the examples
for the use cases this method covers.
Throws
slashid.errors.InvalidAuthenticationMethodError if the chosen method is
incompatible with the given handle or is not available on the current device.
Error if the operation fails otherwise.
Example
One thing you can do with mfa() is attach other handles to the user.
For example, the user has already authenticated via e-mail magic link with
id, but you want to also attach their phone number. In that case all
the method requires is the handle, not
await user.mfa({
type: "phone_number",
value: "+13337777777"
})
SlashID will send a challenge SMS to the phone number to verify it. If mfa() returns
without throwing any error the procedure is complete and the user object will have been
updated with a refreshed token. For future authentications the user will be able
to use the newly-attached phone number as an alternative to the e-mail address. Consider
though that this call only verified ownership of the phone number and added it to the user
handles, as such the authentication array stays unchanged.
If you want to step-up the user authentication, or simply re-authenticate the user, you can do so by also providing an authentication factor. For example let's assume you want to send a magic link to one of the user's e-mail address:
await user.mfa({
type: "email_address",
value: "..." // one previously-attached address, or a new one to be attached
}, {
method: "email_link"
})
If the e-mail address provided above was not attached to the user, SlashID will verify it
and also perform the authentication. Once again, when mfa() returns the user will have
a refreshed token, but this time its authentication array will also include
"email_link" in addition to the method chosen for the first authentication with
id.
The only edge case to note is that for performing MFA with WebAuthn authentication there's no need to specify an handle, as the ceremony happens on the current device:
await user.mfa(undefined, {
method: "webauthn"
})
Parameters
| Name | Type | Description |
|---|---|---|
handleOrFactor | any | - |
authenticationFactor? | Factor | The authentication factor, please to refer to id documentation for details. |
Returns
Promise<void>
removeGDPRConsent
▸ removeGDPRConsent(request): Promise<void>
Remove the GDPR consent levels from the current user. Consent levels not included in the request will not be changed.
Parameters
| Name | Type | Description |
|---|---|---|
request | DeleteConsentGdprRequest | with consentLevels to remove |
Returns
Promise<void>
Inherited from
removeGDPRConsentAll
▸ removeGDPRConsentAll(): Promise<void>
Remove all stored GDPR consent levels from the current user. Consent levels not included in the request will not be changed, unless deleteAll flag is set to true.
Returns
Promise<void>
Inherited from
set
▸ set<AttributesType>(attributes): Promise<void>
Deprecated
Use getBucket instead.
Type parameters
| Name | Type |
|---|---|
AttributesType | extends JsonObject |
Parameters
| Name | Type |
|---|---|
attributes | AttributesType |
Returns
Promise<void>
Inherited from
setGDPRConsent
▸ setGDPRConsent(request): Promise<GDPRConsentResponse>
Set the GDPR consent levels for the current user. This will overwrite any existing consent levels and set the consent levels to only the ones included with the request.
Parameters
| Name | Type | Description |
|---|---|---|
request | GDPRConsentLevels | with consentLevels to set |
Returns
GDPR consent info
Inherited from
toJSON
▸ toJSON(): string
User objects encode to JSON as a string containing their token value.
Example
JSON.stringify(user) === "\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSm9obiBTbWl0aCIsImlhdCI6MTUxNjIzOTAyMn0.dzKuKf6u9G7Crk9tsFnS2cey1zglWTFQv_hjWjmtXms\""
Returns
string
Inherited from
toString
▸ toString(): string
User objects stringify to their token value for convenience:
Example
user.toString() === "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSm9obiBTbWl0aCIsImlhdCI6MTUxNjIzOTAyMn0.dzKuKf6u9G7Crk9tsFnS2cey1zglWTFQv_hjWjmtXms"
Returns
string
Inherited from
validateToken
▸ validateToken(): Promise<ValidateTokenResponse>
Resolves to a token validity info object which tells if the token is genuine and if it has expired yet.
Returns
Promise<ValidateTokenResponse>
Token validity info
Inherited from
createAnonymousUser
▸ Static createAnonymousUser(options): Promise<BaseUser>
Parameters
| Name | Type |
|---|---|
options | SlashIDOptions |