Sign In with Personal Access Tokens
Nhost allows you to sign in users with personal access tokens (PAT) which is a way to sign in users without an email address or password.
Configuration
Personal Access Tokens can only be created through Hasura Auth or the Nhost JavaScript SDK at the moment.
Create a Personal Access Token
Users must be signed in to create a personal access token. Once a user is signed in, they can create a personal access token.
Example: Create a personal access token:
const expiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 30) // 30 days
const metadata = { name: 'Example PAT' } // Optional metadata
const { data, error } = await nhost.auth.createPAT(expiresAt, metadata)
// Something unexpected happened
if (error) {
console.error(error)
return
}
console.log(data.id) // The personal access token ID (can be used to delete the token later)
console.log(data.personalAccessToken) // The personal access token
Users can create multiple personal access tokens. Each token can have a different expiration date and metadata.
Sign In
Once a user has created a personal access token, they can use it to sign in.
Example: Sign in with a personal access token:
const { error, session } = await nhost.auth.signInPAT('<personal-access-token>')
// Something unexpected happened
if (error) {
console.log(error)
return
}
// User is signed in
console.log(session.user)
List or Remove Personal Access Tokens
To list and remove personal access tokens, use GraphQL and set permissions on the auth.refresh_tokens
table:
Example: Get all personal access tokens for a user:
query personalAccessTokens($userId: uuid!) {
authRefreshTokens(where: { _and: [{ userId: { _eq: $userId } }, { type: { _eq: pat } }] }) {
id
expiresAt
metadata
}
}
Example: Remove a personal access token:
mutation removePersonalAccessToken($id: uuid!) {
deleteAuthRefreshToken(id: $id) {
id
}
}