Nhost Auth is a ready-to-use authentication service seamlessly integrated with the GraphQL API and its Permission System from Hasura. This allows you to easily add user authentication to your application without having to build and maintain your own authentication system.

Supported Methods

OAuth Providers

Client URL

Client URL is the URL of your frontend application. The Client URL is used to redirect the user in certain auth workflows like signing in or resetting a password.

Allowed Redirect URLs

Allowed Redirect URLs are the URLs of your frontend application that users are allowed to be redirected to on specific auth workflows. This is useful if you have multiple applications using the same Nhost backend or if you want to redirect users to a specific URL after certain authentication workflows.

As an example, for a staging project, you can set the Client URL to https://staging.example.com and Allowed Redirect URLs to https://*.vercel.app. This way, the user can be redirected to any Vercel deployment of your frontend application. Note that the wildcard matches any hostname under vercel.app, not only your own deployments.

Allowed Emails and Domains

Allowed Emails and Domains are used to restrict which email addresses and domains are valid when signing up and signing in.

If both allowed emails and allowed domains are set, a user can only sign up if their email address matches one of the allowed emails or one of the allowed domains.

Blocked Emails and Domains

Blocked Emails and Domains are used to block specific email addresses and domains from signing up and signing in.

Note that even if a user’s email address matches any allowed email or domain, they will still be blocked if their email address matches any blocked email or domain.
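
The precedence described in the two sections above, written out as an added example (this is not Nhost Auth's own code). The function name, the policy field names and the sample addresses are hypothetical; exact-match domain comparison and "no allow list means no restriction" are assumptions.

```javascript
// Added example: decision logic for the allow/block lists described above.
// All names here are hypothetical; this is not the Nhost Auth API.

// Lower-case and trim so "Bob@Example.COM " compares equal to "bob@example.com".
const norm = (s) => String(s).trim().toLowerCase();

// Domain part of an address, or null if it is not of the form local@domain.
function domainOf(email) {
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1);
}

function isEmailPermitted(rawEmail, policy = {}) {
  const email = norm(rawEmail);
  const domain = domainOf(email);
  if (domain === null) return { ok: false, reason: "malformed" };

  const list = (key) => new Set((policy[key] || []).map(norm));
  const allowedEmails = list("allowedEmails");
  const allowedDomains = list("allowedDomains");

  // Block lists are checked first: a match here wins over any allow-list match.
  if (list("blockedEmails").has(email)) return { ok: false, reason: "blocked-email" };
  if (list("blockedDomains").has(domain)) return { ok: false, reason: "blocked-domain" };

  // Assumption: with no allow list configured, nothing is restricted.
  if (allowedEmails.size === 0 && allowedDomains.size === 0) {
    return { ok: true, reason: "no-allow-list" };
  }

  // Either list is sufficient: exact address OR exact domain.
  // Assumption: domains match exactly, so a subdomain is not covered by its parent.
  if (allowedEmails.has(email)) return { ok: true, reason: "allowed-email" };
  if (allowedDomains.has(domain)) return { ok: true, reason: "allowed-domain" };
  return { ok: false, reason: "not-allowed" };
}

// Constructed sample policy for illustration.
const SAMPLE_POLICY = {
  allowedEmails: ["contractor@partner.test"],
  allowedDomains: ["example.com"],
  blockedEmails: ["former.employee@example.com"],
  blockedDomains: ["mailinator.test"],
};
```

Returning a reason alongside the decision makes it straightforward to log why a sign-up was rejected without exposing the lists themselves to the client.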

Multi-factor Authentication

By enabling Multi-Factor Authentication (MFA), you can allow users to verify their identity using a second factor during the sign-in process. We currently support Authenticator Apps (TOTP) for MFA.

A user can enable MFA for their account by scanning a QR code with their Authenticator App. After that, they will be prompted to enter a code generated by their Authenticator App during the sign-in process.

Gravatar

If Gravatar is enabled, Nhost Auth will use the user’s email address to fetch their Gravatar profile picture. If the user doesn’t have a Gravatar profile picture, a default image will be used.

There are two options for Gravatars.

1. Default Image

If the user doesn’t have a Gravatar profile picture, a default image will be used. You can choose between the following options:

  • 404: Do not load any image if none is associated with the email hash, instead return an HTTP 404 (File Not Found) response.
  • mp: (mystery-person) a simple, cartoon-style silhouetted outline of a person (does not vary by email hash).
  • identicon: a geometric pattern based on an email hash.
  • monsterid: a generated ‘monster’ with different colors, faces, etc.
  • wavatar: generated faces with differing features and backgrounds.
  • retro: awesome generated, 8-bit arcade-style pixelated faces.
  • robohash: a generated robot with different colors, faces, etc.
  • blank: a transparent PNG image.

2. Rating

Gravatar images are rated by default. You can choose between the following options:

  • g: suitable for display on all websites with any audience type.
  • pg: may contain rude gestures, provocatively dressed individuals, lesser swear words or mild violence.
  • r: may contain such things as harsh profanity, intense violence, nudity, or hard drug use.
  • x: may contain hardcore sexual imagery or extremely disturbing violence.

Disable New Users

If set, newly registered users are disabled and won’t be able to sign in. This is useful if you want to manually approve new users before they can sign in.