Skip to main content

Class: User

Objects of this type represent an authenticated user. If you have a token you can instantiate your own User. This class is server side rendering (SSR) friendly as it only uses the fetch API with no other dependencies on browser APIs.

A User object gives you access to methods to:

Remarks

User objects are safe for serialization, you can pass them to other contexts with the postMessage family of functions.

Hierarchy

Constructors

constructor

new User(token, optionsOrSid?)

Reconstruct an authenticated user from its token value. An instance can be created in multiple ways:

  • by calling id to perform authentication
  • by calling getUser to reconstruct a user from a token while reusing the existing SDK instance
  • by creating it directly using the constructor (not advised)

Instances can only be constructed in a browser environment due to dependency on SlashID.

Throws

TypeError If the given optionsOrSid, if defined, fail validation, or the given token cannot be decoded.

Parameters

NameTypeDescription
tokenstringA user token value.
optionsOrSid?SlashIDSlashID instance or SlashID connection options. It is preferred to pass in the SlashID instance

Overrides

BaseUser.constructor

new User(token, optionsOrSid?)

Deprecated

use SlashId instead of SlashIDOptions as it ensures the expected behaviour of the internal event emitter

Parameters

NameType
tokenstring
optionsOrSid?SlashIDOptions

Overrides

BaseUser.constructor

Accessors

ID

get ID(): string

This user's ID. Use this property in your backend services when interacting with the SlashID User Management API.

Returns

string

Inherited from

BaseUser.ID


anonymous

get anonymous(): boolean

Indicates if the user is an anonymous user

Returns

boolean

Inherited from

BaseUser.anonymous


authentication

get authentication(): FactorMethod[]

Indicates which authentication methods the user has been verified with. It can contain multiple items in case of multi factor authentication.

Returns

FactorMethod[]

Inherited from

BaseUser.authentication


authentications

get authentications(): Authentication[]

Indicates which authentication methods the user has been verified with, including the handles used for each method.

Returns

Authentication[]

Inherited from

BaseUser.authentications


firstLogin

get firstLogin(): boolean

Indicates whether the user has been just registered, otherwise it's a returning user.

Returns

boolean

Inherited from

BaseUser.firstLogin


oid

get oid(): string

The organization ID this user belongs to.

Returns

string

Inherited from

BaseUser.oid


token

get token(): string

The entire, signed authentication token of this user.

Returns

string

Inherited from

BaseUser.token


tokenClaims

get tokenClaims(): UserToken

The claims of the user token.

Returns

UserToken

Inherited from

BaseUser.tokenClaims


tokenContainer

get tokenContainer(): string

The entire token container

Returns

string

either the token container string or an empty string

Inherited from

BaseUser.tokenContainer


tokenContainerClaims

get tokenContainerClaims(): undefined | TokenContainer

If the user instance is created with a TokenContainer this will return the claims of the token container. Otherwise it will return undefined.

Returns

undefined | TokenContainer

Inherited from

BaseUser.tokenContainerClaims

Methods

addGDPRConsent

addGDPRConsent(request): Promise<GDPRConsentResponse>

Add the GDPR consent levels to the current user. Consent levels not included in the request will not be changed.

Parameters

NameTypeDescription
requestGDPRConsentLevelswith consent levels to add

Returns

Promise<GDPRConsentResponse>

GDPR consent info

Inherited from

BaseUser.addGDPRConsent


createDirectID

createDirectID(): Promise<undefined | string>

Create a DirectID based on your token

Returns

Promise<undefined | string>

directID token

Inherited from

BaseUser.createDirectID


delete

delete(attributeNames): Promise<any>

Deprecated

Use getBucket instead.

Parameters

NameType
attributeNamesstring[]

Returns

Promise<any>

Inherited from

BaseUser.delete


get

get<AttributesType>(attributeNames?): Promise<AttributesType>

Deprecated

Use getBucket instead.

Type parameters

NameType
AttributesTypeextends JsonObject

Parameters

NameType
attributeNames?string[]

Returns

Promise<AttributesType>

Inherited from

BaseUser.get


getAttributesClient

getAttributesClient(): AttributesApi

Exposes the attributes client so the Bucket instance can access it

Returns

AttributesApi

Inherited from

BaseUser.getAttributesClient


getBucket

getBucket(bucketName?): Bucket

Creates a Bucket object used to access attributes.

Parameters

NameTypeDefault valueDescription
bucketNamestringDefaultBucketName.end_user_read_writename of the bucket we want to access - uses "end_user_read_write" as default. You can pass in any string that corresponds to a name of a bucket set up for your organization. You can use any of the preset bucket names with corresponding permissions and scopes - DefaultBucketName.

Returns

Bucket

Inherited from

BaseUser.getBucket


getGDPRConsent

getGDPRConsent(): Promise<GDPRConsentResponse>

Fetch the GDPR consent levels for the current user.

Returns

Promise<GDPRConsentResponse>

GDPR consent info

Inherited from

BaseUser.getGDPRConsent


getGroups

getGroups(): string[]

Get an array of group names that the user belongs to.

Returns

string[]

Inherited from

BaseUser.getGroups


getHandles

getHandles(): Promise<PersonHandle[]>

Fetch all the handles associated with this user from the SlashID API.

Returns

Promise<PersonHandle[]>

A list of handles available for the user

Inherited from

BaseUser.getHandles


getOrganizations

getOrganizations(): Promise<OrganizationDetails[]>

Get the organizations the user belongs to.

Returns

Promise<OrganizationDetails[]>

A list of organizations the user belongs to

Inherited from

BaseUser.getOrganizations


getTokenForOrganization

getTokenForOrganization(oid): Promise<string>

Given an organization ID, get a new token for the same user in the Organization specified by the Organization ID.

For the call to succeed the following conditions must be met:

  • the token must be valid at the time of the request
  • the two Organizations must share the same person pool
  • the user must be a member of both Organizations

This operation does not count as an authentication, so the new token will have the same expiration time as the original.

Parameters

NameType
oidstring

Returns

Promise<string>

A new token for the specified Organization ID

Inherited from

BaseUser.getTokenForOrganization


isAuthenticated

isAuthenticated(): Promise<boolean>

Indicates if the user is authenticated

For anonymous users this will return false

Returns

Promise<boolean>

Inherited from

BaseUser.isAuthenticated


logout

logout(): Promise<void>

Log out of the current session. Clears the SlashID token. Will attempt revoking the token server-side.

Returns

Promise<void>

Inherited from

BaseUser.logout


mfa

mfa(handleOrFactor, authenticationFactor?): Promise<void>

Request the user to authenticate with the given method. This method is essentially equivalent to id, but since the user is already authenticated you can omit the handle or authenticationFactor parameters, depending on the desired outcome. Please refer to the examples for the use cases this method covers.

Throws

slashid.errors.InvalidAuthenticationMethodError if the chosen method is incompatible with the given handle or is not available on the current device. Error if the operation fails otherwise.

Example

One thing you can do with mfa() is attach other handles to the user. For example, the user has already authenticated via e-mail magic link with id, but you want to also attach their phone number. In that case all the method requires is the handle, not

await user.mfa({
type: "phone_number",
value: "+13337777777"
})

SlashID will send a challenge SMS to the phone number to verify it. If mfa() returns without throwing any error the procedure is complete and the user object will have been updated with a refreshed token. For future authentications the user will be able to use the newly-attached phone number as an alternative to the e-mail address. Consider though that this call only verified ownership of the phone number and added it to the user handles, as such the authentication array stays unchanged.

If you want to step-up the user authentication, or simply re-authenticate the user, you can do so by also providing an authentication factor. For example let's assume you want to send a magic link to one of the user's e-mail address:

await user.mfa({
type: "email_address",
value: "..." // one previously-attached address, or a new one to be attached
}, {
method: "email_link"
})

If the e-mail address provided above was not attached to the user, SlashID will verify it and also perform the authentication. Once again, when mfa() returns the user will have a refreshed token, but this time its authentication array will also include "email_link" in addition to the method chosen for the first authentication with id.

The only edge case to note is that for performing MFA with WebAuthn authentication there's no need to specify an handle, as the ceremony happens on the current device:

await user.mfa(undefined, {
method: "webauthn"
})

Parameters

NameTypeDescription
handleOrFactorany-
authenticationFactor?FactorThe authentication factor, please to refer to id documentation for details.

Returns

Promise<void>


removeGDPRConsent

removeGDPRConsent(request): Promise<void>

Remove the GDPR consent levels from the current user. Consent levels not included in the request will not be changed.

Parameters

NameTypeDescription
requestDeleteConsentGdprRequestwith consentLevels to remove

Returns

Promise<void>

Inherited from

BaseUser.removeGDPRConsent


removeGDPRConsentAll

removeGDPRConsentAll(): Promise<void>

Remove all stored GDPR consent levels from the current user. Consent levels not included in the request will not be changed, unless deleteAll flag is set to true.

Returns

Promise<void>

Inherited from

BaseUser.removeGDPRConsentAll


set

set<AttributesType>(attributes): Promise<void>

Deprecated

Use getBucket instead.

Type parameters

NameType
AttributesTypeextends JsonObject

Parameters

NameType
attributesAttributesType

Returns

Promise<void>

Inherited from

BaseUser.set


setGDPRConsent

setGDPRConsent(request): Promise<GDPRConsentResponse>

Set the GDPR consent levels for the current user. This will overwrite any existing consent levels and set the consent levels to only the ones included with the request.

Parameters

NameTypeDescription
requestGDPRConsentLevelswith consentLevels to set

Returns

Promise<GDPRConsentResponse>

GDPR consent info

Inherited from

BaseUser.setGDPRConsent


toJSON

toJSON(): string

User objects encode to JSON as a string containing their token value.

Example

JSON.stringify(user) === "\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSm9obiBTbWl0aCIsImlhdCI6MTUxNjIzOTAyMn0.dzKuKf6u9G7Crk9tsFnS2cey1zglWTFQv_hjWjmtXms\""

Returns

string

Inherited from

BaseUser.toJSON


toString

toString(): string

User objects stringify to their token value for convenience:

Example

user.toString() === "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSm9obiBTbWl0aCIsImlhdCI6MTUxNjIzOTAyMn0.dzKuKf6u9G7Crk9tsFnS2cey1zglWTFQv_hjWjmtXms"

Returns

string

Inherited from

BaseUser.toString


validateToken

validateToken(): Promise<ValidateTokenResponse>

Resolves to a token validity info object which tells if the token is genuine and if it has expired yet.

Returns

Promise<ValidateTokenResponse>

Token validity info

Inherited from

BaseUser.validateToken


createAnonymousUser

Static createAnonymousUser(options): Promise<BaseUser>

Parameters

NameType
optionsSlashIDOptions

Returns

Promise<BaseUser>

Inherited from

BaseUser.createAnonymousUser